I just received an email that appears to be from McAfee (I have my doubts) with the subject of: Consumer Threat Alerts: Take These Actions Before July 9 To Ensure You’ll Stay Connected. It says something about the FBI shutting down servers.. etc..... The message contains a link to a zip file named: http://18.104.22.168/images/dnschanger-stinger.zip and instructs one to open the zip and run the application it contains. This sounds a bit strange to me. Is this really from McAfee??
Thanks for your time.
It would appear so. I assume you belong to some mailing list or your product includes newsletters perhaps?
See this blog for more information: http://blogs.mcafee.com/consumer/consumer-threat-alerts/internet-users-take-these-actions
I haven't seen this email, and I'm signed up for most of what's going. It looks authentic but that doesn't mean a thing.
As a general rule, don't follow any link that includes in it a hard-coded IP address. If you're curious, use one of the available IP-checkers to get information on the site associated with the address.
Using one of those tools gives the following results for 22.214.171.124 :
Check for yourself at http://ip2geolocation.com/?ip=126.96.36.199&lang=en
Clicking on the URL starts the download process immediately, with the address bar showing the source as "strongmail.mcafee.com". I rate this then as 95% safe. I don't like the indirection and lack of clarity. Why not just put it on the website and give a link to that?
Why on earth McAfee are giving out a link to a download with a URL that only has an IP address to identify it is beyond me. It may be safe, but it doesn't look safe.
For information on the DNSChanger cutoff and background to the story see the thread at https://community.mcafee.com/message/246405#246405, which refers back to earlier threads about the story.
Message was edited by: Hayton - fix typos - on 07/07/12 16:21:09 ISTMessage was edited by: Hayton - modify thread link - on 08/07/12 18:20:22 IST
There is such a version of Stinger however...took me a while to find it though as it isn't listed in the usual place. It's mentioned in that blog I posted.
Agreed. The email is a mailshot of the blog, but it would have been better if the email had provided a link to that page on the McAfee website and let anyone who wanted to download the tool do it from there. And on the subject of Consumer blogs, there really should be a link to that section in the Useful Links dropdown menu.
Yes please do that would freak some users out. james you were correct to be cautious I to do not like having an Ip in the addressMessage was edited by: Peacekeeper on 8/07/12 2:21:17 PM
JamesKB I've made this a topic for our conference call with McAfee staff on Monday afternoon. Hopefully it'll make them think twice before including doubtful-looking links in emails, blogs and bulletins in future.
Thanks for pointing it out.
Message was edited by: Ex_Brit on 07/07/12 5:42:28 EDT PM