Dodgy Web Sites

No, we not talking about real web sites but fake ones. We have recently been alerted to the activities of a certain well-known attacker (the “Silent Librarian”), and whilst processing it I noticed something it might be helpful to more widely publicise.

The location bar of your browser (or the pop-up that appears when you “hover” over a link in an email) can be a useful source of information on how trustworthy a site is :-

This web site address (it currently gives an error if you happen to try and visit it) has nothing to do with the address (the university!) although it contains it. A certain number of “fake” web sites used by the previously mentioned attacker are set up like this – the address of a well-known institution with a different domain at the top.

A brief aside on domains: Domains are the wrong way around – for a domain such as, the most significant part is on the right – the UK, followed by the “ac” (for academic) and finally “port” (for us). Bits added to the right are more significant than the bits at the left.

If I were to register I could easily create a registration for and point it to a web site not under control of the university. And that is what this attacker is doing.

So when you visit web sites, it is always worth double-checking the location bar to check that the domain is what you expect it to be. And doesn’t look like a legitimate site but in fact it is only legitimate on the left-side.

This entry was posted in Active Attacks and tagged , . Bookmark the permalink.