Trust, but verify!
Every one of you knows this: “Trust, but verify!” – but only a few of you follow this golden rule.
I follow a couple (of hundred) of people on Twitter and on Saturday night I saw this Tweet:
So… I clicked on the link and… WTF?? I got this window popping up
Sure… NOT!
This is a classic case of malware
Why? An Ethiopian government site would never ever link to some commercial site to check “your” computer.
Now we are going to investigate this. I changed browser – I was lazy enough to use Google’s Chrome because it is fast (but insecure!) – to Firefox because it has some nice (security) plug-ins.
I visited the url again and this is what I got
URL moved? Hmm let me check that..
Linked to sellbit.cn Hey? A clue! Let me (temporarily) allow this to happen…
Look! A link to… traflab.cn Hmm we will follow this one too..
Another one! A link to whale-tale.cn this time.. Again we will follow this one to see where we get..
WATCH IT!! NOSCRIPT is blocking all this and as you can see, again we are linked to some other site. This time it’s 009antivirus.com and they try to run a program
Who and/or what is 009antivirus.com? We check this and see the following info
Hmmm Created 2009-10-28 ?? Just 3 days ago!
We could e-mail Mr Foi M Summer and ask him to explain all this, because it is weird that a link to his site is placed on an Ethiopian government site.
But.. we don’t have to… malwareurl.com has some nice info about 009antivirus.com and what do we see?
009antivirus.com is a well-known malware site!!
I will not contact him.
What I will do is publish all this info, to share this with you. So you can see that even trustworthy links can be bad.
And… of course… contact the webmaster of http://www.addisababacity.gov.et
and… remember… “Trust, but verify!”
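
The manual checks walked through above (follow each hop, then look at the WHOIS creation date of where you land) can be written down as a small triage routine. This is an added example, not code from the original post; the URL paths, the 30-day threshold and the observation date are assumptions, and only the host names and the 2009-10-28 creation date come from the post.

```python
from datetime import date
from urllib.parse import urlsplit

NEW_DOMAIN_DAYS = 30  # assumed threshold for "recently registered"

def host_of(url):
    """Lower-cased hostname with a leading 'www.' removed."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def triage_chain(chain, whois_created, observed_on):
    """Flag every hop after the first URL in a recorded redirect chain.

    chain: URLs in the order the browser was sent to them.
    whois_created: host -> registration date (absent = not looked up).
    """
    origin_is_gov = "gov" in host_of(chain[0]).split(".")
    findings = []
    for prev, cur in zip(chain, chain[1:]):
        host, flags = host_of(cur), []
        if host != host_of(prev):
            flags.append("cross-site hop")
        if origin_is_gov and "gov" not in host.split("."):
            flags.append("left government namespace")
        created = whois_created.get(host)
        if created is None:
            flags.append("no WHOIS data")
        elif (observed_on - created).days < NEW_DOMAIN_DAYS:
            flags.append(f"registered {(observed_on - created).days} days ago")
        findings.append({"host": host, "flags": flags})
    return findings

# Constructed input: hosts are the ones named in the post; the paths and the
# observation date (three days after the WHOIS creation date) are assumed.
CHAIN = [
    "http://www.addisababacity.gov.et/",
    "http://sellbit.cn/",
    "http://traflab.cn/",
    "http://whale-tale.cn/",
    "http://009antivirus.com/",
]
WHOIS_CREATED = {"009antivirus.com": date(2009, 10, 28)}
OBSERVED_ON = date(2009, 10, 31)

if __name__ == "__main__":
    for f in triage_chain(CHAIN, WHOIS_CREATED, OBSERVED_ON):
        print(f"{f['host']:20} {', '.join(f['flags'])}")
```

The chain itself should be recorded with scripts blocked, as in the walkthrough, so that nothing on the intermediate pages gets to run.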





September 22nd, 2010 at 14:40 / @652
Great article cyberbofh. Definitely opens my eyes to the different security features of various browsers (especially as I am considering Chrome).
Thanks!