Jump to content
Jeff E.

Accidentally Pasted Malicious URL or Code into Evernote Web

Recommended Posts

Hello Fellow EN Users,

First and foremost, thanks for all of your contributions here in the forum - I appreciate having such a valuable resource here!
I was wondering if I can get your opinion(s) on this behavior listed below, and answer a question.

Over the past number of weeks, I've been compiling a list of misc information in a particular note in Evernote Web (via Google Chrome on Win10). This has mostly included web links, and some information copied and pasted from various websites. I added a couple of new simple web links on Friday, and noticed some concerning behavior when returning back to the login screen this morning. 

Since it was the last note modified, once I logged into Evernote Web, it defaulted to that note, however......There must have been some malicious code behind some of the webpage data I had copied and pasted (I'm guessing). The browser displayed my note for a couple of seconds, and then the page completely turned into a Google Chrome warning, informing me that a page/url was a phishing site. I screen recorded this behavior HERE. Since I had refreshed a couple of times to investigate, you can't see my page load up first here, as it immediately displays the Chrome warning. Seeing how the URL never actually changes from what appears to be the note's URL, it doesn't look like it tried to redirect, which is good. I'm guessing that Chrome was scanning the page data and found this URL somewhere in my note. My concern and question, is that I most certainly would not have posted a text url to this suspicious website (given it's URL name), so I'm guessing that there may have been some code behind / in the background of some of the websites that I copied and pasted. Or maybe I did copy/paste this specific link URL, but didn't notice it since it was copied/pasted with an entire webpage of images, data, links, etc.

Btw, I deleted the entire suspected note, and all is well again :)

Your thoughts?
Thanks so much!

-jeff
 

Share this post


Link to post

Hi.  Good call on exterminating the note.  There are lots of online malware scans from reputable providers.  I posted something about that here - https://discussion.evernote.com/topic/96823-i-installed-malware/#comment-411209 - I'd be inclined to run a couple of scans just to be sure.

As to having pasted or clipped some active code,  it is possible that when a page first loaded some bad code stealthed along with it,  and when you clipped or pasted the content into Evernote,  the bad code was included.  Whether it could still do its original job having been translated into Evernote's ENML code in the note and then back again when displayed in the browser,  I have no idea.  It's very possible that Chrome's malware watch list was triggered by the URL and not the content - wIthout the original note (which I'd not want to see anyway) or the source URL I don't think its possible to investigate any further.  It's good that Chrome flagged the issue,  and its encouraging that your own antivirus software didn't throw up any warnings - that would be suspicious activity based rather than URL based.  Sadly it's a fact of life on the web today that nothing online can be guaranteed 100% safe.

Share this post


Link to post

Hi gazumped - thanks for your response! You make good points, and based on them, I would also concur that it was probably a URL in the note that was picked up by Chrome. Interesting about ENML code (I was wondering how the data was saved/translated, etc). Again, thanks for all of your helpful contributions here! 
-jeff

  • Like 1

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...