22

Again, I must mention that I have just started to learn about security. So, please bear with my newbie questions.

If I receive a shortened URL from somewhere, say in an e-mail or in a social media post, how do I verify if it is a legitimate site and not some malicious site?

Ulkoma
FirstName LastName

3 Answers

18

The simple answer is that you can't be 100% sure.

Here are 5 browser extensions that automatically expand short URLs for you to check visually if the destination website is familiar. But even familiar sites can contain malware or other attacks like Cross Site Scripting.

Google Chrome and Mozilla Firefox automatically perform checks against the Google Safe Browsing service but this service is not and cannot be up-to-date on all the threats all the time. Most mainstream antivirus products have some active protection mechanism for web-based threats but they are limited. For example, AV doesn't protect against Clickjacking.

VirusTotal will scan your URL with many commercial products and services.

Pacerier
Cristian Dobre
  • 2
    "But even familiar sites can contain malware or other attacks like Cross Site Scripting." - for example - http://news.softpedia.com/news/Hacked-Kaspersky-Website-Infected-Users-with-Scareware-161818.shtml A facepalm moment. – FirstName LastName Jan 03 '13 at 21:55
  • 2
    I would have given examples of more popular websites but that is the best example. Other examples: 4 Dec 2012 – Dalai Lama Website Serving Malware. May 2011 - Fake VirusTotal serves Drive-by Download Malware. Jerusalem Post website serving malware. Malaysia's Ministry of Foreign Affairs Website Serving Malware. Geek.com Site Hacked is serving up malware. Indian embassy website serving malware. – Cristian Dobre Jan 03 '13 at 22:01
  • 1
    @CristianDobre, did http://www.google.com/safebrowsing/diagnostic?site=http://stackexchange.com/ just state that there are 67 trojans on stackexchange? – Pacerier Jun 06 '14 at 16:36
  • 1
    Now it says "Malicious software includes 71 trojan(s)" and I don't know why. – Cristian Dobre Jun 10 '14 at 09:04
12

You can start by submitting it to LongURL. That will usually give you the full destination URL. Then you can run it through other online tools like Web of Trust, and McAfee SiteAdvisor, to get an idea of what's there and if there are any known risks.

However, your first question should be do you really trust the sender?

Iszi
  • 2
    I trust the sender. But what if someone has impersonated the sender? Let's say my friend shares a genuine link with me on Facebook. His account has been compromised. Someone edits/re-posts his post with a malicious link. I log in to FB and chat with my friend, asking him - "Hey! Did you post a link to a video/funny pic?" He says yes, which is true. So, I click the link and I am in trouble. – FirstName LastName Jan 03 '13 at 21:45
  • 1
    Just because the *first* question should be a matter of trust, does not mean you should ignore the given guidelines if the answer is "yes". – Iszi Jan 03 '13 at 22:03
  • @FirstNameLastName - If I had a friend that I thought could have his Facebook account compromised, I wouldn't trust any short URL that friend posted. Sounds like you should just use a service to determine what the actual URL is and always use that instead. – Ramhound Jan 09 '13 at 15:23
1

Check URL > http://checkshorturl.com/

Free web site security check > http://sucuri.net/

s3yfullah
  • Welcome to IT Security, TeknoSeyfo! On this site we expect answers to contain more than just a link or two. Would you care to edit your answer to elaborate on (for example) what these sites do, how they address the problem, any limitations they may have, and how best to use them to solve the poster's problem? – D.W. Jan 10 '13 at 06:53