Home / ubuntu / Questions / 132841
Accepted
Boris
Asked: 2012-05-07 12:49:39 +0800 CST

Is it risky to download a script with a http://goo.gl/ link?

  • 772

Following the advise of an answer in Ask Ubuntu, I downloaded and ran a script with a URL starting by http://goo.gl/

Is it risky to use such file? could it be a virus or something else?

If yes, what should I do?

Some details:
I followed this answer, and did

    wget -O amd-driver-installer-12-4-x86.x86_64.run http://goo.gl/VGYWP
    chmod +x amd-driver-installer-12-4-x86.x86_64.run 
    ./amd-driver-installer-12-4-x86.x86_64.run --extract driver
security malware viruses

4 Answers

  1. Extremely risky.

    First you need to find what the original link of the shortened link is.

    To do that add a + to the end of the goo.gl link like this (do not follow the link straight, because there is no way to know where it leads from just the address):

    http://goo.gl/VGYWP+

    This shows us the stats of who has clicked on it, and where they are located (it collects extra information, not just "link shortening") and shows that the real link is:

    http://www2.ati.com/drivers/linux/amd-driver-installer-12-4-x86.x86_64.run

    and the command you should use on that step is:

    wget -O amd-driver-installer-12-4-x86.x86_64.run http://www2.ati.com/drivers/linux/amd-driver-installer-12-4-x86.x86_64.run

    This also shows that a lot of people are "copy and pasting" same outdated answers from certain sites, and some are not citing where they got the information from.

    • 6

  2. http://goo.gl/ is a url shortener service. You aren't downloading a file from that link, but it is redirecting you to somewhere else. It would be useful if you let us know where is the link sending you to, in order to know what happened when you clicked that link.

    There are risks involved in downloading files from the net but the majority of the downloaded files get into your computer without execution properties allowed, so you aren't in a risk until you run it.

    If you already run it, you should add to your question what did you do, this way people will be able to give you a warning or a solution.

    Good luck!

    • 5

  3. http://goo.gl/ is a URL shortener, that is it is creating short URLs that redirect you to other, usually longer, URLs. As it can be used to create a redirect to any URL out there a goog.le link it may point to malicious or otherwise unwanted software.

    In general you should never run any code if you are not sure that you can trust the source you got in from.

    Maybe you could show us the script you run so we could tell you it it did any harm.

    • 3
  4. Best Answer

    I just create this answer to mark that I get the answer to my question in your answers and comments.

    To sum up:

    • yes a http://goo.gl/something can be risky, especially if then you run the downloaded script.

    • to know what is behind such link, 2 solutions :

      • curl -I http://goo.gl/something
        in my case:

        curl -I http://goo.gl/VGYWP
Location: http://www2.ati.com/drivers/linux/amd-driver-installer-12-4-x86.x86_64.run

      • or do not download with wget but with Firefox and open your eyes enter image description here enter image description here

    • then you can evaluate the risk knowing the location of the file to be downloaded.

    Thank you all for your quick answers and comments.

    • 2