Those of us who try to make an honest living using the internet are often overshadowed by those who use the internet as a tool for destruction.
Cyber security is a real threat, and it comes in various shapes, sizes, and disguises. Even though we might spend lots of money maintaining our anti-virus and firewall software, there are still Trojan types of attacks that can catch you completely off guard.
I was able to identify and document a Trojan cyber attack last week that could catch you off guard, especially if you use the Safari and Internet Explorer browsers.
It all started with a comment to one of my previous Daily Nuggets. Blog commenting is a known tactic of spammers who are trying to boost their website ranking. It doesn't work, but they still do it anyway. You have to moderate all of your own blog comments to keep this spam out.
As a rule, I delete all comments that do not have some type of value add to the topic of the Nugget. Most of the comments I receive are promotions. I usually have a good laugh when the comments are solicitations for increasing the SEO of my website. Seriously, talk about a clueless spammer... Just like those idiots who friend request me on Facebook and then try to chat with me immediately to sell me diamonds. Do these people even pay attention to who they are soliciting? Obviously not.
But I digress...
Anyway, here's the blog comment I received the other day:
My suspicions told me that this was just spam. The comment simply says "i like it." The irony of the comments I get on the jwag.biz site is that the majority of the spammy comments are placed on Nuggets that talk about blog comment spam. The above Nugget was "5 Website Commenting Systems."
The moderation process is when you take a few minutes to read the comment posted, the blog entry it was posted to, and manually determine if the comment has value.
The above "i like it" comment had no value and I won't be approving it.
My website sends an email every time a new comment is posted to the website. All comments are hidden until approved, which means I don't have to take any action on this right now. At some later date, I can go through my comment database and delete all the comments that are not approved.
Your website might not send you a comment notification, in which case you will find out about it the next time you log into your administration area.
The Trojan Horse
The above comment had a real website address that was of interest to me. One of my jewelry designer clients was recently looking for a new source of leather cords for mens bracelets, and this one suddenly presented itself.
Before I go any further, I want to tell you that if you have determined that a moderated comment is spam, then you should not visit the website they list in their comment.
This certainly is a case of "Do as I say, not as I do."
I decided to visit this leather cord website in Firefox and was greeted with this frightening page:
The warning message says that this website tries to install a program on your computer and steal private information.
Here's the message you see when trying to visit this site in Google Chrome:
The obvious course of action is to abort and not go any further.
Trojans Still Get Through
Trojan horses are still invited inside the gates of your security when you're not careful, and in this case, on my computer it was only the Firefox and Chrome browsers that gave me this security warning; Internet Explorer and Safari didn't provide any warning at all.
Here's my screen shot when using Internet Explorer:
I didn't click deeper into this site at all. In order for the malware program to do any damage I would have to start clicking around this site and approve any pop-ups that might occur. No sense tempting fate here.
I don't use Internet Explorer other than for testing websites. According to my tracking, I.E. still accounts for 13.8% of browser usage. I.E. falls short here even though I have the most updated version of I.E. installed on my computer.
Even though I found this malicious website through blog comment spam, I wanted to see what Google Search was saying about it. So I googled the domain name to get these results:
As you can see in the above SERP, Google usually tags a website with the message "This site may harm your computer." Personally, I wish they'd put that message in red instead of the standard blue. The blue text makes it appear like a normal Sitelink rather than an important security message.
Don't trust comment spam. Make sure to moderate the comments posted to your blog and ignore the comments you deem to be spam, and don't visit their website either.