
Malicious Websites Explained

If you surf the web you will have heard of malicious websites. VirusTotal is a well-known website that helps you find out whether a site is malicious before you actually request the suspected URL in your browser. But what does it mean for a website to be classified as “malicious”? What do these sites do, and how do they manage to do it? This article gives a brief introduction to how these sites work, how you can recognize them and how you can protect yourself from them.

How A Malicious Site Acts

We can distinguish between two different kinds of evil sites: those that require an action by the user in order to infect him, and those that infect the victim without requiring any action. When you visit a website you can be infected in different ways. You can click on an advertisement and unwittingly start a malicious action performed by the server, you can download and open dangerous content stored on the server, you can have your credentials stolen if the site you are visiting is a phishing site, or you can just sit in front of your computer, request a certain URL and be infected without having done anything wrong.

For downloaded content the mechanism is simple. If you execute the downloaded content (beware that it could also be an image or a PDF with an attached, hidden virus, not necessarily a “.exe” file), malware will be executed on your machine and you will be infected. In the case of an advertisement, an innocuous advertisement is placed on a trustworthy website and successfully injected with malware. In this way the ad becomes widespread malware that infects all the users who visit the site. In some cases the malware can be spread only if you click on the advertisement; you will then be redirected to a malicious website instead of the site you expected. In other cases you can be infected without doing anything.

When we talk about malicious websites capable of infecting home computers without requiring any action from the user, we wonder how these sites work. The answer lies mostly in JavaScript and Flash. When you visit a simple website built using only HTML (today it is quite rare for a site to use no JavaScript, but let us talk theoretically), the basic behaviour of the web application consists of you requesting the page and the server simply answering by showing that page. Nothing dangerous happens on the client side. However, using only HTML places numerous limits on the rendering of a web page, so a web developer is likely to choose JavaScript, a language that helps him make his web pages more catchy. Running these scripts on the server side would terribly overload the server, so JavaScript executes them on the client side (the script runs directly on your personal computer), which saves the servers a lot of work. This technique has a side effect. A malicious website could include a script that performs evil actions on the victim’s PC without the victim’s knowledge. What is more, the evil script will certainly be obfuscated (made deliberately confusing and encrypted), so that a normal user will not be able to notice it even when inspecting the source code.
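The obfuscation described above leaves traces that can be checked without running anything. The following is an added example, not code from the original article: it reads a script as plain text and reports common static indicators. The indicator names, the thresholds and both sample scripts are assumptions constructed for illustration.

```javascript
// Added example: static indicators of obfuscation, computed from script text only.
// Nothing here executes the script under inspection.
// Indicator names and thresholds are assumptions chosen for illustration.
const CHECKS = [
  ["dynamic-eval", /\beval\s*\(|\bnew\s+Function\s*\(/],
  ["string-decoder", /\b(unescape|atob)\s*\(|String\.fromCharCode\s*\(/],
  // Eight or more consecutive %XX, \xXX or \uXXXX escapes: encoded data, not text.
  ["escape-run", /(%[0-9a-f]{2}|\\x[0-9a-f]{2}|\\u[0-9a-f]{4}){8,}/i],
];

// Fraction of the source that sits inside quoted string literals.
function literalRatio(source) {
  const literals = source.match(/"(?:[^"\\\n]|\\.)*"|'(?:[^'\\\n]|\\.)*'/g) || [];
  const inside = literals.reduce((n, lit) => n + lit.length - 2, 0);
  return source.length === 0 ? 0 : inside / source.length;
}

// Return the names of all indicators present in the given script source.
function obfuscationIndicators(source) {
  const hits = CHECKS.filter(([, re]) => re.test(source)).map(([name]) => name);
  // Ordinary code is mostly identifiers and syntax; a decoder stub is mostly data.
  if (literalRatio(source) > 0.5) hits.push("literal-heavy");
  return hits;
}

// Constructed samples. The encoded one decodes to a harmless console.log('hi').
const PLAIN = 'document.getElementById("menu").classList.toggle("open");';
const ENCODED = 'eval(unescape("%63%6f%6e%73%6f%6c%65%2e%6c%6f%67%28%27%68%69%27%29"));';

console.log("plain:  ", obfuscationIndicators(PLAIN));
console.log("encoded:", obfuscationIndicators(ENCODED));
```

Legitimate minified code can trigger some of these indicators too, so a hit is a reason to look closer rather than proof of malice.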

How Can You Protect Yourself?

As regards the first type of malicious site, those that infect you after you perform a certain action, the recommendation is to avoid downloading content or clicking on links or ads. If you really have to click on a link, you can do it in a virtual machine, or you can copy and paste it into VirusTotal before clicking it, just to check that it is not a malicious site. However, there could be some kind of redirection, so that the link that appears on the site does not really lead to the named site but to a malicious site. In this case pasting the fake link into VirusTotal will not be useful, so please just avoid clicking on links. Once you have downloaded malware, just hope that your antivirus can disarm it or that your firewall can close the connection between your PC and the evil server.

As regards the second kind, there are a few things you can do against a malicious site that can infect you without you having done anything. The first thing you can do is patch your browser. Large hacker organizations usually target well-known exploitable vulnerabilities, so if you patch your browser and keep your system and all your software updated, you should be secure from this point of view. You still cannot avoid a zero-day infection. In order to maximize the number of victims infected, hackers will target the most used browsers, so one way to avoid being attacked could be to use a different browser. Take a look at the statistics on the usage of the different browsers and draw your own conclusions. The last thing you can do is use a blacklist. There are numerous lists of websites known to be malicious; you can copy them into your browser’s blacklist so that you will never encounter the evil sites in your life. Also take a look at Google’s blacklist when searching for a website in your search engine. Google will highlight the sites it considers malicious.
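Two of the checks above can be combined: comparing the address a link displays with the address it really points to, and testing that real destination against a blacklist. The following is an added example, not code from the original article; the hosts-format list, the sample HTML and all `.example` host names are constructed, and it only covers mismatches visible in the page markup, not redirects performed later by the server.

```javascript
// Added example; BLOCKLIST_TEXT and SAMPLE_HTML are constructed, using reserved .example names.
const BLOCKLIST_TEXT = `# hosts-format list
0.0.0.0 malware-host.example
0.0.0.0 ads.bad-network.example`;
const SAMPLE_HTML = `
<a href="https://www.bank.example/login">https://www.bank.example/login</a>
<a href="http://cdn.malware-host.example/update">www.bank.example</a>
<a href="/about">About us</a>`;

// Parse "0.0.0.0 hostname" lines, ignoring comments and blank lines.
function parseBlocklist(text) {
  const hosts = new Set();
  for (const line of text.split("\n")) {
    const parts = line.replace(/#.*/, "").trim().split(/\s+/);
    if (parts.length >= 2) hosts.add(parts[1].toLowerCase());
  }
  return hosts;
}

// A host is blocked when it, or any parent domain of it, is on the list.
function isBlocked(host, blocklist) {
  const labels = host.toLowerCase().split(".");
  for (let i = 0; i < labels.length - 1; i++) {
    if (blocklist.has(labels.slice(i).join("."))) return true;
  }
  return false;
}

// Hostname of a URL string (resolved against base if relative), or null.
function hostOf(url, base) {
  try { return new URL(url.trim(), base).hostname; } catch { return null; }
}

// For every <a>, compare the host the label shows with the host href really targets.
function auditLinks(html, pageUrl, blocklist) {
  const findings = [];
  const anchor = /<a\s[^>]*href=["']([^"']+)["'][^>]*>(.*?)<\/a>/gis;
  for (const [, href, label] of html.matchAll(anchor)) {
    const text = label.replace(/<[^>]+>/g, "").trim();
    const target = hostOf(href, pageUrl);
    // Only a label that itself looks like a URL or domain can be compared.
    const looksLikeUrl = /^(https?:\/\/)?[\w-]+(\.[\w-]+)+/i.test(text);
    const shown = looksLikeUrl ? hostOf(/^https?:\/\//i.test(text) ? text : "http://" + text) : null;
    findings.push({ text, target, mismatch: shown !== null && shown !== target,
                    blocked: target !== null && isBlocked(target, blocklist) });
  }
  return findings;
}
console.log(auditLinks(SAMPLE_HTML, "https://news.example/article", parseBlocklist(BLOCKLIST_TEXT)));
```

The second sample link is the case the article warns about: the visible text names the bank, so checking that text would tell you nothing, while the `href` host is the one that has to be checked.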

One comment

  1. My solution to this P0rn problem is as follows:

    1. Firefox with cookies and history disabled.
    2. Always with NoScript! I enable only what I need!
    3. uBlock origin for extra protection.
    4. UPDATE BROWSER! UPDATE OS! CHECK EVERY DAY!
    *Software firewall with NDIS. (In the event of file-less attack)
