29 Apr 2020

Sp@m Links

It is a bit complicated to explain how spam links actually work to someone with little knowledge of the subject. I’ll try to simplify the process as much as I can. While doing that I’ll be technically incorrect in some places, so I humbly request my techie friends to ignore those, please!

Starting off with a lighter explanation: before I explain spam, let me explain a bit about how the internet works and what websites are…

There are typically two endpoints when we are on the Internet and interacting with a website (one of those incorrect statements I forewarned).
a) Your computer, requesting something;
b) The server, answering the request

So, when you click on a link (let’s say, to this post), the browser on your computer, the client, asks mirsolutions.net, the server, to show this post. The end part of the link is typically what you asked the server for. The underlined, bold part of the following address is an example of such a request: mirsolutions.net/techtalk/spam-links.

The initial information on the server is contained in a file, just like the files saved on your computer: documents, spreadsheets etc. However, on the server it is a piece of code that will respond to the request.

At the very least it is an HTML file (Hyper-Text Markup Language), which is essentially a formatted wrapper for the contents you are about to see. The same file may have many sections within it, including code to beautify the contents, organize them, and even interact with the user (such as when you click to expand/close a menu on the page); we call that section Styles. The same file likely has a piece of code that may not render much content but handles the data coming in and out during the interaction between server and client, making your experience dynamic. For example, when you drag and drop an image on a page to upload it, or you are shopping and add your ZIP code to calculate the shipping cost. That section contains Scripts.

Going back to HTML, the keyword is “Hyper-Text”, meaning not everything is contained in one file. That is the beauty and the curse of this whole technology. All the things are “linked” in one file using “hyperlinks”, each of which is a pointer to some other file. For example, the pictures/images you see on a page are not in the file, but are other individual files. The style and script code pieces can also be additional files. The “server” puts all the pieces back together and shows them to you in a seamless, presentable format.

Now, when I say other individual files, and this could be alarming to some (but don’t be alarmed), those files may not necessarily be on the same server you thought you were communicating with. The styles, script files, even the images could be saved on a totally different server across the world, but the “hyperlink” on that code page will pull that information in and make it seamless to you. I’m hoping you’re with me so far…

Back to “the client”, your machine: obviously when you request something from the server, “the internet” knows where to find that information (the mirsolutions.net domain, in this case), but how does it send the information back to you? Well, all the machines on a network (the internet is a giant network of machines) have an identifier called the IP address (again keeping it simple, it is a bit more complicated than that). A typical IP address looks like: 168.192.000.000 (a number between 0 and 255 around the dots). So when you actually make a request, the request portion includes your address so that the server can send the response back. Just like regular human communication, when you make a phone call, send a text message or write a letter (seriously, do you still write letters?), your “address” must be known by the recipient for them to respond, call back, text back or (gulp) write a letter.
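To make the “files on other servers” point concrete, here is an added example (not part of the original post) that reads a page’s HTML and lists which servers a browser would contact to display it. The sample page and every host other than mirsolutions.net are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags whose attribute makes the browser fetch another file automatically.
FETCHING_ATTRS = {"img": "src", "script": "src", "iframe": "src", "link": "href"}

class ResourceCollector(HTMLParser):
    """Collects the URLs a browser would fetch while rendering a page."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.resources = []  # (tag, absolute URL)

    def handle_starttag(self, tag, attrs):
        wanted = FETCHING_ATTRS.get(tag)
        if wanted is None:
            return  # e.g. <a href>: only followed when the user clicks it
        value = dict(attrs).get(wanted)
        if value:
            # Relative links are resolved against the page's own address.
            self.resources.append((tag, urljoin(self.page_url, value)))

def hosts_contacted(page_url, html):
    """Return {'same': {host: [tags]}, 'other': {host: [tags]}}."""
    collector = ResourceCollector(page_url)
    collector.feed(html)
    page_host = urlparse(page_url).hostname
    result = {"same": {}, "other": {}}
    for tag, url in collector.resources:
        host = urlparse(url).hostname
        group = "same" if host == page_host else "other"
        result[group].setdefault(host, []).append(tag)
    return result

# Constructed sample page; hosts other than mirsolutions.net are made up.
SAMPLE_HTML = """
<html><head>
  <link rel="stylesheet" href="/css/site.css">
  <script src="https://cdn.example.net/lib.js"></script>
</head><body>
  <img src="images/logo.png">
  <img src="https://images.example.org/banner.jpg">
  <a href="https://elsewhere.example.com/">a link you must click</a>
</body></html>
"""

if __name__ == "__main__":
    page = "https://mirsolutions.net/techtalk/spam-links"
    for group, hosts in hosts_contacted(page, SAMPLE_HTML).items():
        for host, tags in hosts.items():
            print(group, host, tags)
```

The script and the banner image come from two servers the visitor never typed in, while the plain link to elsewhere.example.com is not contacted until it is clicked.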

So far so good??

It could be overly complicated to explain how websites interact with our machines. I’ll provide some links below to follow, if you’re curious.

Remember, the server keeps most of the information in raw format and computes it when requested. It is then transferred to your machine and saved in a local temporary location before it is actually rendered. This is done to make your experience “better”, and then some additional information is also saved on your machine by the servers. This includes, but is not limited to, browsing history, items you are shopping for and last session information, typically referred to as “cookies”. Your browser application (Chrome, Edge, Internet Explorer, Safari etc.) also saves passwords. Bottom line: when you request something from a server, or click a link, the information sent to the server includes:

  • your IP address
  • your browser information
  • your operating system (windows, mac)
  • last visited page
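The list above, seen from the server’s side, as an added example that is not part of the original post: it takes one raw HTTP request and reports what the server can read from it. The request text, the IP address 203.0.113.7 and the mail.example.com address are constructed samples, and the browser/OS detection is a simple heuristic.

```python
from email.parser import Parser  # HTTP headers use the same "Name: value" layout

# Substrings commonly present in User-Agent strings (heuristic, not exhaustive).
# Order matters: an iPhone also says "like Mac OS X", Chrome also says "Safari/".
OS_HINTS = [("Windows", "Windows"), ("Android", "Android"), ("iPhone", "iOS"),
            ("Mac OS X", "Mac"), ("Linux", "Linux")]
BROWSER_HINTS = [("Edg/", "Edge"), ("Chrome/", "Chrome"),
                 ("Firefox/", "Firefox"), ("Safari/", "Safari")]

def first_match(text, hints):
    for needle, label in hints:
        if needle in text:
            return label
    return "unknown"

def what_server_learns(client_ip, raw_request):
    """Summarise what one HTTP request tells the server about the visitor."""
    request_line, _, header_block = raw_request.partition("\r\n")
    _method, path, _version = request_line.split(" ", 2)
    headers = Parser().parsestr(header_block, headersonly=True)
    agent = headers.get("User-Agent", "")
    return {
        "ip_address": client_ip,  # comes from the network connection itself
        "requested": path,
        "browser": first_match(agent, BROWSER_HINTS),
        "operating_system": first_match(agent, OS_HINTS),
        "last_visited_page": headers.get("Referer"),  # None if typed or bookmarked
        "cookies_sent": "Cookie" in headers,
    }

# Constructed request, as a browser would send it after a click in webmail.
SAMPLE_REQUEST = (
    "GET /techtalk/spam-links HTTP/1.1\r\n"
    "Host: mirsolutions.net\r\n"
    "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
    "(KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36\r\n"
    "Referer: https://mail.example.com/inbox\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for field, value in what_server_learns("203.0.113.7", SAMPLE_REQUEST).items():
        print(f"{field}: {value}")
```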

The server sends the response back with HTML (contents, styles, scripts), followed by a seamless back and forth to read cookies and update contents based on your interaction. All of that is good so far and working as intended by you and by the server.

The NOT Good Side:
Here comes the ugly part: when you click on a link in an email or text message, the code on the server will do all of the above with malicious intent. First off, “the spammer” will send the same HTML code with styles and scripts and can read information from your machine. Since the files are downloaded to your machine’s temp location, the script code can include malware that opens a backdoor for a “hacker” to gain more access to your machine. The reason for the backdoor is that browsers are limited in how they interact with servers and can only do a little bit of damage. A “backdoor” is an application that can allow full access to the computer, especially in the background, and the user wouldn’t even know what’s going on until the abnormalities become apparent, if they ever do. Once they’re in and have access to one machine in a network (office or home), they can infect many others.

How to protect yourself:
Pretty much everything that is plugged in, and more specifically “is online”, can be compromised easily. The machine language is just a bunch of “zeros and ones”, like a switch; any malicious flip can open or close an unintended door. In other words, it’s a matter of “when”, not “if”. What every individual should do is at least have basic malware protection, and the two major operating systems, Windows and Mac, have decent built-in protection against the launch of applications and known malicious code, based on heuristic data. The weakest link, like it or not, is the human using the machine. So what can you do:

  1. DO NOT click on the links, especially in random emails, including those from known parties. If you have an email from “your bank”, you should have the app on your phone or know the website address of the bank. Type it or, if you have it bookmarked, use that to log in and do whatever you need to do. DO NOT click the links.
  2. Any exciting, spicy news article? Go to your favorite search engine and plug in the keywords…
  3. Won a vacation or prize – just delete that email 🙂
  4. Package tracking? Did you really order something? If you did, go to that website, find your order and track it from there.
  5. Your computer is infected? It will be when you click that link or alert.
  6. Update your driver? (This is true even without emails: a small window will appear on the bottom right or middle of the screen.) DO NOT click…

Below is some reference material I found on the web that can be useful:

YouTube Video – How Internet Works in 5 minutes
