Security: Check href & body parts of links
|Reported by:||neomenlo||Owned by:|
|Version:||2.3.1||Keywords:||security, links, url, virus|
Many viruses spread by IM use deceptive URLs to trick the victim to click them.
For example, I received an IM, but I copy and pasted the location and noticed the discrepancy.
The link in blue said something like:
When the URL (href) went to:
1: The URLs do not match
I would like to see pidgin automatically check if the urls are different, and warn the user that the link is high risk and deceptive. However, a few links are sent with a completely different body by wrapping a few words with a url.
2: The url leads to an executable
I don't think I've ever seen an executable transfered via IM protocol. So, links to executables should also bring up a warning dialog telling the risks.