clicking a spam link

[CCMUA2009]

We use Norton Antivirus 2008 as our real time protection (all protection defs are updated multiple times a day)

We use malwarebytes as an on demand scanner along with spybot S&D.

OS is vista with IE7.

We use a limited user account, which requires admin pass code to download and install (we even need to use the admin passcode to update malwarebytes defs)

My wife received an email from a trusted source. In the email there was a link. She clicked it and it turned out to be a link to an online pharmacy which opened in the browser window. She immediately shut down the window.

I do not recall the exact link but it was something like (the fcpages.com part is 100% correct, the first part about 80%)

www.elvwain.fcpages.com

After we did a scan( with defs updated) with Norton, SpyBot, Windows defender, and Malwarebytes, all coming up clean

So my questions:

1. If there was something malicious on this webpage (the online pharmacy) malwarebytes would most likely have detected it, correct?

2. Could this just have been a simple spam redirect? Meaning that there was no malicious infection?

[GT500]

1. If there was something malicious on this webpage (the online pharmacy) malwarebytes would most likely have detected it, correct?

Well, we like to think so, but sadly there are always new things coming out, and we can't always find them the moment they hit the Internet. This is why a good anti-virus is important to have alongside our software. They compliment each other, and they each protect better in different areas.

2. Could this just have been a simple spam redirect? Meaning that there was no malicious infection?

Most likely there was nothing malicious on the page. Online pharmacy stuff is more interested in getting you to pay money for a nonexistent product than it is with anything else. Granted that isn't always the case, and there's nothing wrong with running scans just to be sure.

[YoKenny1]

Online pharmacy stuff is more interested in getting you to pay money for a nonexistent product than it is with anything else.

Plus getting your Credit Card information so that they can route payments to money transfer mules for direct funds transfer

[CCMUA2009]

Plus getting your Credit Card information so that they can route payments to money transfer mules for direct funds transfer

So not so much for trying to install malware, but for peopel more stupid than us ( stupider than my wife and I who clicked on it) who might actually try to order from them. That was propbably the intention, eh? Not installing malware, but getting "orders"?

[noknojon]

Hi crew -

Just as an added extra - I think IE 8 is the preferred usage, especially with Vista, for MBAM (unless it causes problems) compared to IE 7, or use F/fox -

This is due to IE 8 being more secure as well - Also remember it is that time of the year when spammers as well as scammers hit due to increased traffic -

Unfortunately as noted by YoKenny1 your email can be used as a mule to carry these links that we never know are 100% secure -

Thank you -

[mountaintree16]

CCMUA2009

to add to what noknojon said - on Vista and 7, IE has a protected mode which makes it MUCH safer than it is on XP

And just for future reference, if you ever get a link in an email that appears to be from a trusted source again, ask that source/person (if possible) if they actually meant to send you that link. Same goes for any e-cards (another potential source of infection).

[CCMUA2009]

Actually, it was my wife that clicked on it. She said she didn't she said it was a pop up. But her email was open and I clicked the email in question and the link was in tha email.

Plus the webpage in question ( the online pharmacy) was in the IE7 browser history

Plus like an idiot, I clicked on the link in the browser histiory

1.So if it was in the browser history the page must have been clicked on initially, right??

2. So my clicking it from broswer history did not do anything more than was already done, right?

3. But since all scans come up clean, the probability that this was just a spam link is pretty high and a virus type of infection pretty low, right?

[kimsland]

We use Norton Antivirus 2008 as our real time protection (all protection defs are updated multiple times a day)

Oh, that's a bit old now. Symantec have released 2 new full program updates since then

I'd recommend an online scan with Eset: http://www.eset.com/onlinescan/

If it finds and removes any Viruses, maybe think of updating, or better yet using a better Antivirus, ie Free Avira Antivirus (In my view much better than Norton)

Oh and I personally don't like Spybot S&D either

But I suppose its all about choice

[mountaintree16]

I use SpyBot for its great immunization feature

[calintexas]

Your Norton AV subscription should allow you to update to the latest version 2010 at no cost as long as your subscription has time remaining. You should go ahead and do that as the newer versions of Norton AV generally require less system resources and are more capable.

[mountaintree16]

@ CCMUA2009

Oh, okay. Well at any rate, inform her also that any links should be verified that the trusted sender meant to send them to you, and also the same goes for any e-cards that appear to have come from someone you know.

Hmm. Yeah, any online pharmacy's should be heavily researched first... I would only trust using one if it was like Rite Aid, CVS, etc or a local drugstore in your area. I wouldn't use any other ones.

1) Yeah, if it was in the broswer history it had to have been clicked on initially UNLESS you are experiencing any browser redirects/search engine redirects. If you are not, then yes, it would have had to have been clicked on if its showing you your browser history as far as I know.

2) As for you clicking on it again, you probably didn't do more than was already done, but can't say for sure of course.

3) Yes, I would think that since your scans all came up clean, it was probably just a scammy website or something like that vs actually having malicious content.

If you want to make sure you're clean, you could post in the HJT forum, but, it is very busy in there currently so it could be 2 days or more before you get a response.