I’ve been around long enough to recognize malware when I see it, and I still take lots of precautions to ensure that something doesn’t sneak by (I use OpenDNS, Web of Trust, NoScript, and Ghostery, for example) but a few moments ago, I was almost tricked by a malware site, and if it could happen to me, it could happen to someone who is less paranoid.
So I present this as a warning, a reminder, and a public service.
I thought I was going to youtube.com/geekandsundry to see if our Tabletop gag reel had been posted, yet. When I hit return, I saw this:
I haven’t heard of Flash Player Pro, but it looked real, and maybe this was some new stupid thing that I was going to get mad about, with YouTube forcing me to download some new version of software that I didn’t already have.
So that should have been my first warning: YouTube is never going to make it harder for me to get to see the stuff I want to see, because that would make it harder for YouTube to show me ads.
But I’m still waking up, so I clicked “accept and install”, and saw this:
Ah-ha! Evil malware people use .exe files because it’s easier to infect Windows than it is to infect OS X, and I understand that it’s fairly common for people to tick off a box in Windows that allows pretty much anything to install itself. You know, for convenience.
Well, I clicked CANCEL, and tried to figure out how my browser had taken me to this site, and how it had even gotten past all of my defenses to load itself.
It turns out that I’d typed youtuve.com, not youtube.com, and the bad guys had done the rest.
So be careful out there, kids, because not everyone online is a good guy.
Edit: Here’s the gag reel!