Another suspicious email showed up, and I decided to try out the link in an Oracle VirtualBox machine. The VM is a vanilla Windows XP with no virus protection. I copied the link from the “paypal” email and pasted it into Internet Explorer on the VM.
To my surprise, rather than the link having any effect on the virtual machine, it was intercepted by AVG Free on the host machine. I had thought the packets would be silently shuffled through the virtual Ethernet adapter to the browser in the VM. But it seems that AVG operates on low-level traffic, and VirtualBox Ethernet adapters are exposed to it.
I think that phuture phishing phun would best be done on a physical machine, preferably in a DMZ.
Since AVG detected this in the process of delivering packets to a virtual machine, I have some confidence that I wouldn’t have been vulnerable even on the host machine. Fingers crossed. For the record, the threat was Blackhole Exploit Kit Detection. Here’s how it looked on the virtual machine, along with AVG’s detection on the host.
Careful what you click on!