Hi malware fighters and users of these forums,
Sometimes you see requests to new users to break links to malicious websites that may harm users that click these live links. I explained this to someone on the NoScript forum that did not understand this policy for obvious reasons, he was not aware of the risks.
As I work as a malware fighter on a web forum we know how to break links. So when a link with some possible malicious redirects or malicious script would be broken like: hxtp://evilmalicioussite.com or like evilmalicious dot com or : "www dot evilmalicious dot com. The person that knows what it should look like can enter the address in a (link) scanner like bad stuff detektor, Exploit Prevention Lab link scanner, DrWeb's av link checker plug-in extension for fx or Webpage Security Report = : http://www.unmaskparasites.com/security-report/ , without having to click on it directly and probably get infected as a worst case scenario (not if you have NoScript installed and active off-course, but we all know that here). - So it is to prevent that curiosity will kill the proverbial n00b cat. - We have to point this out to new users of anti malware forums again and again, but after a while they understand why we do this and why we follow this policy/ Also when publishing malicious or suspicious script in for instance a hidden iFrame or injected obfuscated script, we try to break that by putting ^ where > should be or entering some ..... Better is to make a screen dump and link to a picture of the code found, because that cannot be flagged by a scanner, while with a real script that can be a possibility under certain circumstances. We find that some av now is alerting on all obfuscated scripts for reasons that the use of obfuscation is suspicious to them, for what do they have to hide? But sometimes the author of a script want to protect it from/for copy cats, but when they use packers that are also used by cybercriminals to hide their evil intentions, av may and will more often than not flag it.That is another reason that I think NoScript has the only best elegant solution for these problems, what is blocked cannot run, and what does not run can’t infect. The only hole now is that sites that you have whitelisted as trusted can have been hacked any time from the moment you gave them a clean bill and where they had a good reputation before, there is so much automated and bot-related injection of malcode with just some bits of older (vulnerable) software version or a changed or outdated component somewhere around that this may be enough to own a site for malicious purposes. In these cases I think RequestPolicy add-on in fx or flock is the best elegant solution to block any request to third party & possibly malicious re-directs. A webshield as a third layer of protection to flag and to disconnect from some redirect(s) to a malware downloading site with drive-by-downloads of malware all sorts is another option open to users, setting killbits and protecting via blacklist blocking is another option,
Well no excuse to do this any longer,
polonus