Can visiting a malicious site automatically infect my computer?

by Lee Koo (ADMIN) CNET staff/forum admin / May 15, 2015 9:09 AM PDT
Question:

Can visiting a malicious site automatically infect my computer?


Since I use Google search for everything these days, it's almost impossible to know what websites are bad and may have malicious intent. My questions to you are, can I get a virus infection just by simply visiting a bad website? Or does it require an action by me like clicking on something within the website? Is an antivirus good enough to protect me from these heinous sites? How do you know if a website is good or bad? I think I've been lucky so far in not visiting one of these bad sites, but I'm curious as to how these malicious sites work and how I can avoid them, as well as protecting myself if I were to accidentally visit one of them. Your thoughts and suggestions are welcomed. Thank you in advance.

--Submitted by Roger W.
Yes.
by Dafydd Forum moderator / May 15, 2015 9:17 AM PDT

A driveby infection is possible. You can use WOT (WebOfTrust) to flag bad sites.
Dafydd.

Ad Block Plus
by JCitizen / May 15, 2015 3:53 PM PDT
In reply to: Yes.

Is another good browser plug-in to use to block potentially bad advertisements that can at least invite malicious servers to attack you from the browser data files. NoScript is another good rivet in the armor of a blended defense. I will not go into all of them here.

If you run as a restricted limited user (standard) account and do the other things suggested by others in this thread in keeping up with all operating system and application updates, you will go far in at least greatly mitigating the risk. Running CCleaner by Piriform with all pertinent check boxes filled, will help clean app data and other temporary files between page loads, browser sessions, or at least before logging off, restarting, or shutting down.

The pro version of Malwarebytes - Anti-malware (MBAM) will also let you know when you've caught one of these pesky files, as it will block malicious web servers in the first place, and tip you off that the website may not be using proper oversight of its ad server sources. In fact it will usually block the transfer of such files from the ad server in the first place!! Bear in mind that this has become very common, as suggested by others here, so even with all these protections the chance is, that you will still get a drive by - HOWEVER!! - if you go by at least these rules, you have gone a long way to lowering the threat profile to the minimum. Just don't click on just any email, and in fact don't trust shady looking emails or attachments from friends - that is the number one source of really bad attack vectors for malware today.

Of course JavaScript can be abused in the same way as Flash ads, so there is more than one way to receive a drive by - but then again, these above mentioned steps will make the difference. Some people have gone to the extreme of disabling JavaScript in their browser, and never installing any Flash or Java applications on their computers, but this can be an impractical solution for many of us that need web and application functionality. CNET also has some very good free utilities that can go the extra step in protecting the Internet Explorer and other browsers, but I will only mention one freebie here, as in SpywareBlaster. Its main forte is PASSIVE real time protection in writing ActiveX protection in the Internet Explorer browser - the company (Brightfort) also claims to have settings in Chrome and FireFox that can help protect those browsers, but I'm not as familiar with those claims. Of course good software and hardware firewalls can go a long way as well, but I've gone far enough with this post - I could go on and on ad nauseam, and probably already have. Thanks for your patience!

Another Malwarebytes tool
by Glenn51 / May 22, 2015 10:24 PM PDT
In reply to: Ad Block Plus

Malwarebytes has a NEW tool called Malwarebytes Anti-Exploit which has both a "free" and paid version that adds another layer of protection to one's browser! I have and use both of the free versions PLUS a good Anti-Virus with firewall. Nowadays one can't be too overly cautious!!

Yes!
by JCitizen / May 23, 2015 6:19 AM PDT

Please be advised that if MBAM warns you are being attacked, immediately close the browser and run CCleaner on the limited user account you are browsing the web on. Otherwise if you ignore that warning the anti-exploit kit could end up getting into a very nasty battle with the malware and end up borking the entire installation of Windows - especially XP.

I've had at least one instance of that, and the client lost everything because he/she would not listen to my warnings on this. I was not even able to see files on the hard drive after this disaster, so it was the worst instance like this I have EVER seen!

A good tip.
by abrogard / May 23, 2015 8:26 AM PDT
In reply to: Yes!

Thanks for that. It is not an instinctive reaction because closing the browser seems like running away from the problem. Some of us (me) tend to remain on the page staring fascinated at the evil like a paralysed victim staring at a hooded cobra.

Get a message: close the browser, run CC. Good tip. Thanks.


Keep calm and don't ex out.
by Dafydd Forum moderator / May 23, 2015 8:39 AM PDT
In reply to: A good tip.

Exing out of what's on your screen will trigger the malware. Use Alt-F4 to close it.
Dafydd.

Running CCleaner
by JCitizen / May 24, 2015 3:50 PM PDT

immediately after that can sometimes rid the account of the attack package completely! Of course you have to be logged onto a limited rights user for that to work. I usually close the pop up with Task Manager, and then run CCleaner - all gone!

I should have made myself clear..
by JCitizen / May 24, 2015 3:53 PM PDT

I was talking about MBAM warning pop ups, not malware popups, but a newbie probably can't tell the difference, so your method is the safe way out.

Other tools
by d.thao / May 24, 2015 8:57 PM PDT
In reply to: Ad Block Plus

Hello,

I use Blockulicious as a Firefox extension and my Trend antivirus as a Firefox extension as well.

Dominique

Do we really need all this protection?
by SlipJigs / December 23, 2015 8:42 AM PST
In reply to: Ad Block Plus

JCitizen: That’s quite a lot of information, and you’ve obviously done a lot of research to even know about these solutions and products even more to know which ones do what, how they work, and how they measure up to the competition. On that you’ll get no argument here – I’ve just used MS Security Essentials since Windows 7, and now with 10, Defender. This has worked for me, but my profile only consists of a limited number of emailers and websites and I rarely go to places I’m not sure about. That’s not because of security concerns, it’s just what I do as a matter of course.

I may be missing the point, but it seems that you are saying that in order to be completely protected, you have to have this multi-pronged approach. But shouldn’t we be moving towards more simplicity, and not more complexity? Everything else is – we have our router with default firewall settings, we have the OS with its default protection, and we let the OS just update itself when it thinks it needs to, to plug the holes. With all this, are all these various apps really necessary to monitor and scan for virii, this-ware, and that-ware? And if we really do need these things, then why isn’t there a single-solution program that takes care of it all? And I’m not even talking about a suite of apps from a single company – just one program. Overly simplistic, and maybe while this would be nice, it just doesn’t exist? They all claim to be comprehensive, but if they’re not and they know it, what else aren’t they telling us? I’m a skeptic, yes. Especially, when there are always at least three of these apps running on TV (way more on the web) that all claim to detect *.ware that the others can’t. Do we really know that at least some of these just show us a few malicious or just annoying scripts that got into our systems, that really aren’t there, they just make em up. And we pay the fee, it cleans our drives and our machines actually seem to run faster and we’re happy and tell our friends.

Good question!...
by JCitizen / December 23, 2015 10:20 AM PST

I can't help but notice your nom de guerre is an impossibly long number, so I assume you take privacy seriously as well. I wish most folks had your attitude. Actually I am adopting something close to your approach - but the reason I am, is that Microsoft has been improving the NT 6 drive geometry and security (now NT 10 with the latest OS), and the hardware in new PCs is growing better with it; so I can simplify the basic requirements in modern systems.

The first question I ask a client, is "how much do you have to lose?". If they EVER enter a Social Security number into the keyboard or credit card, or shop online, or do banking or other financial activity on the PC - the requirements go up. So if you do have something to lose, this is my minimum requirement list:

1. Create and use only a limited (local) account for everyday use. Only go to the local administrator to download updates or install programs and applications. I don't recommend using the cloud based account system Windows 8 & above, forces you into - read CNET for the way to create a local account.

2. Install IBM's end point security browser protection called Rapport. This will definitely block all screen, video, and keyboard capture events. This is the only solution that has passed all six tests of the AKLT kit for testing keylogging and other spy threats. This will work in an infected environment, and updates itself most of the time.

3. Install Web of Trust (WOT), as discussed elsewhere in this thread.

4. Install CCleaner - if you set this utility up correctly and run the cleaner section just before reboot, shutdown, or before sensitive activities, it will delete any malware that can run with user privileges during that boot session.

5. Browser plug-ins are going away, but you will always have an app that can do the same thing as ScriptSafe, NoScript, or AdBlock Plus to hopefully block any drive by attacks by bad links or advertisements on even legitimate sites.

6. Activate Defender - I'm talking about the new one that came out with Windows 8, that is an anti-virus as well as an anti-malware. It doesn't hurt to add MBAM to this, because of its malicious server blocker in the paid version, but a good host file could do the same thing, if you can find one that auto updates - see CNET reviews.

7. Download the free version of Malwarebytes Anti-Exploit - if you were using EMET before, you may have to uninstall it. I feel that this utility works better than the glitchy EMET from Microsoft.

8. Use a password manager that, if for no other reason, at least encrypts the password on your hard drive. Many apps have a bad habit of recording all keystrokes and putting them on the hard drive where the bad guys don't even need a keylogger to find them. I have tested this, with a program available on CNET and was shocked to find many sensitive files in less than fifteen seconds!!! I'm serious about this one!

I will end the list there with one caveat - you really do need to keep all applications and operating system fully updated on the day the updates come out to plug vulnerabilities and prevent zero day drive by take overs of the operating system. To do this is easier - you can sign up for email alerts on CNET for your favorite applications, and make sure Windows Update is on automatic. I can recommend a couple of other utilities that make this much easier: One of them is Secunia PSI - it supposedly tries to do the updates automatically, but the more important feature is that it will usually pop up on Win7 limited accounts and tell you when you need a manual update. Bear in mind by this time, it has probably been at least two days to a month after the actual update came out. File Hippo's Application Manager can get you closer to zero day protection, but you have to log onto the Administrator to run it - if you put a desktop icon to all accounts, and run them as administrator you could short cut this task. Even the CNET alerts are late when it comes to flash. Adobe is not very good at auto updating flash - so if you can do without it, then don't install it - YouTube doesn't need it, and most sites use HTML-5 flash ability to bypass the need for it to be installed. If you have to - only use Chrome, as it definitely does not need flash at all. The other browsers are trying to catch up to this goal. The only source of zero day alert for Adobe flash, that I've found is to sign up for email alerts at Krebs on Security - he is the only way to get the alert on the day it is issued - sorry! CNET is always at least two days or more, late on this.

With the exception of Flash - Internet Explorer is getting amazingly good at blocking threats all by itself!! I used to run a ******** lab, to test against malware invasion, and it was next to impossible to test my other defenses using IE-11 or better. The browser actually blocks about 85% of all threats on its own, and even switches from 32 bit to 64 bit automatically depending on web site requirements, which gives it even more protection. I have had to switch to sampling email spam to test against threats now, and even this can be difficult when your email is properly setup to exclude untrusted sources, or blocks active content in the inbox. Flash is the only vulnerability on this, so I hope most web sites will work for everyone just using the HTML-5 version of Internet Explorer - unfortunately there is no promise that Spartan or whatever Microsoft is going to call its new browser, is going to support extensions or apps of any kind, like password managers, or other things that used to be called plug-ins.

Simply yes.
by R. Proffitt Forum moderator / May 15, 2015 9:32 AM PDT

I think that WOT (Web Of Trust) is a good start. While it may not stop a web site that is new, any site that gets a bad reputation is flagged inside the first day or sooner.
Bob

I agree with Dafydd & Bob
by wpgwpg / May 15, 2015 10:36 AM PDT

In addition I suggest you never download software from anywhere but the site of the author or some place you know and trust like the big box stores (e.g. Amazon, Best Buy, Micro Center, Target, etc.). Also be sure you have good antivirus software that is kept up to date, and try to limit the no. of sites you visit that you don't know anything about.

The General Answer is YES
by Hforman / May 15, 2015 11:43 AM PDT

Many people think that, when you use your browser, you are looking at a photograph or you are viewing a website (like you view a television). In fact, what happens behind the scenes, is you are downloading files that contain computer programs that execute under your browser on YOUR computer. If you can find it on your computer (usually under the "view" menu), there is something called "View Source" that will show you the code that you are executing. It is usually in a language called "HTML" but could also be Java, JavaScript, ASP, or many other languages. These can contain "malware" that can do very nasty things. I notice that you mentioned "virus" but a virus is only one type of malware out there. There are worms, Trojans, spyware, ransom-ware, etc. It would take a book to explain every type of malware to you but you can always look up these things on a reputable endpoint protection website such as McAfee or Symantec. I am using Norton (Symantec) software and it does have a component that helps monitor the reputation of sites. WOT, as others have mentioned, is something to consider. However, if your computer does not have basic anti-malware software, you can also be exposed to programs and emails which may contain a bad payload. So, please be careful with what you download and emails that you receive. Never blindly open emails from unknown sources.

The general answer is that you don't need to click on a link. Just opening a page is enough. Just opening an email, is enough. And, others may disagree, opening even a photo or Microsoft document can also have bad results. Knowing the history of malware can give you insights into what is out there.
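
An added illustration of the post above, not part of the original post or of any tool named in this thread: a short Python script that reads a page's source as "View Source" would show it and lists what the browser would fetch or run as the page loads, with no click needed. The sample page, the host names and the names `ActiveContentLister`, `list_active_content` and `third_party_hosts` are constructed for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags that make a browser fetch or run something while the page loads,
# mapped to the attribute that names what is loaded.
AUTO_LOAD_TAGS = {
    "script": "src",   # JavaScript, external (src) or inline
    "iframe": "src",   # another page shown inside this one, common for ads
    "object": "data",  # plug-in content such as Flash or Java
    "embed": "src",    # plug-in content
}

# Event-handler attributes that run script without any click.
NO_CLICK_HANDLERS = {"onload", "onerror", "onmouseover", "onfocus"}


class ActiveContentLister(HTMLParser):
    """Collects (kind, tag, detail) for content that loads or runs unprompted."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._inline = None  # buffer for the body of an inline <script>

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in AUTO_LOAD_TAGS:
            source = attrs.get(AUTO_LOAD_TAGS[tag])
            if source:
                self.findings.append(("external", tag, source))
            elif tag == "script":
                self._inline = []  # inline script: collect its text
        for name, value in attrs.items():
            if name in NO_CLICK_HANDLERS:
                self.findings.append(("handler", tag, f"{name}={value}"))

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            code = "".join(self._inline).strip()
            if code:
                self.findings.append(("inline", "script", code[:60]))
            self._inline = None


def list_active_content(html):
    """Return every finding in document order."""
    parser = ActiveContentLister()
    parser.feed(html)
    parser.close()
    return parser.findings


def third_party_hosts(findings, page_host):
    """Hosts other than the visited site that the page pulls content from."""
    hosts = set()
    for kind, _tag, detail in findings:
        if kind == "external":
            host = urlparse(detail).hostname
            if host and host != page_host:
                hosts.add(host)
    return sorted(hosts)


# Constructed sample page, not taken from any real site.
SAMPLE_PAGE = """<html>
<head>
  <title>Example news story</title>
  <script src="/static/site.js"></script>
  <script>var visits = 1; document.title = "Story " + visits;</script>
</head>
<body onload="startSlideshow()">
  <h1>Headline</h1>
  <p>Plain text and markup: nothing here executes.</p>
  <img src="/img/photo.jpg" onmouseover="showCaption()">
  <iframe src="https://ads.example.net/banner?slot=1"></iframe>
  <object data="https://media.example.org/player.swf"></object>
  <a href="https://www.example.com/next">Next story</a>
</body>
</html>"""

if __name__ == "__main__":
    found = list_active_content(SAMPLE_PAGE)
    for kind, tag, detail in found:
        print(f"{kind:9} <{tag}> {detail}")
    print("third-party hosts:", third_party_hosts(found, "www.example.com"))
```

The third-party host list is the part a script or ad blocker acts on: those hosts serve content into the page even though the reader only asked for the one site.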

Good post..
by JCitizen / May 15, 2015 4:08 PM PDT

I gave you a thumbs up! You gave a great general description of what actually goes on in a web browsing session; but please have mercy on us IT road warriors and don't encourage folks to even THINK about putting anything McAfee on their computer! PLEASE! McCr@ppy gives me great heart burn!

I would closer describe them as DIS-reputable to say the least!

That is a Strong Probability
by Hforman / May 16, 2015 2:39 AM PDT
In reply to: Good post..

I don't specifically "endorse" any specific a/v (I really should say "Anti-Malware") product. However, I just wanted to give the OP some examples. Many people don't like the BIG packages like McAfee and Symantec for a host of reasons. I used the example of Symantec because I know what it does and it does provide some protection against malicious websites.

I would add that, in terms of REALTIME protection, it is advisable to only have one product running in the background; however, it is always a good idea to have a few different on-demand scanners around since none of them catch everything. Spybot is a great solution for scanning for spyware. Malwarebytes is good too. It is really a case of those who have been around and have tried various things know what is best for their own computers and the way that the user works with it. My opinion is that "something" is a lot better than "nothing" especially if you keep valuable information on your computer (like your social security number, banking information or even the names and addresses of your friends and family).

Also, it is a great idea that if you want PRIVACY (email, contacts, etc.) you should consider having a look at the Terms of Service and the Privacy Policy of any website that you use on a regular basis. You may be very surprised at what websites claim that they do with your information and what they can do with your information. Especially if the site is "free-of-charge".

True..
by JCitizen / May 22, 2015 6:29 PM PDT

Thank you - I feel better already!

mcCrappy
by tedtks / May 22, 2015 10:14 AM PDT
In reply to: Good post..

It's a shame they bought out Symantec - they used to be a great company.

Intel bought McAfee...
by JCitizen / May 23, 2015 6:23 AM PDT
In reply to: mcCrappy

They will have their work cut out for them trying to improve that disaster!

Rate sites with wot
by TheNeos / May 22, 2015 10:56 AM PDT

I would like to remind users that if you encounter a good or bad site rate with WOT.
This way the community will have the results of each one of us and be just a little more informed.

Love WOT
by EBathory / May 23, 2015 2:40 AM PDT
In reply to: Rate sites with wot

This tiny little site advisor is great. I always keep a lookout on that little colored ring it puts at the top of the page while I type in a URL. So easy to use and growing all the time. It's also good to read the reviews of sites that others have added. Highly recommend for everyone.

Unfortunately not all data on WOT is accurate
by pcahan / May 23, 2015 11:21 AM PDT
In reply to: Love WOT

Some malware containing sites are rated green and some clean sites are rated red.

Often ratings are based on out of date information, so be sure to pay attention to dates on user comments. This is especially true of user comments blindly quoting other sites.

It is best to check multiple website reputation rating sites. hpHosts is another good one, but it can be a little slow adding sites to its database.

Siteadvisor is usually good as well.

Better inaccurate than no information at all..
by JCitizen / May 24, 2015 3:46 PM PDT

It has been my experience that McAfee and other site advisors miss some of the most dangerous sites. I'd rather have some inaccurate information than none at all about those places. It has also been my experience, that with WOT, if you post contrary information about a site, it can add weight against inaccurate information; the results can be instantaneous if the weight is barely against the site in question.

Mousing around
by aeparker / May 22, 2015 10:56 AM PDT

I ran my mouse over something that managed to activate a download of a rootkit about 5 years ago. It was just a fleeting feeling that Something Happened and then I was in deep trouble for a week. I now have a copy of rkill and mbam on a jump drive in my pocket at all times.

I too did something that loaded a root kit on my desktop
by jdonalds / May 22, 2015 12:51 PM PDT
In reply to: Mousing around

Fortunately I recognized bad behavior immediately and shut the system down. I have swappable hard drives for my C drive. I keep all of my data on a D drive. I put the other hard drive in the C slot, formatted the infected drive, and marched on as if nothing had happened.

From that experience, and just knowing how fragile storage media is, I do lots of backups onto external hard drives and keep them unplugged from the system after I've completed a backup. I do an image backup from time to time as well.

You simply can not be too cautious. There are so many ways to attack our computers.

Not quite..
by compusolver / May 22, 2015 11:59 AM PDT

HTML is not a programming language and it can't hurt your computer. There have been various issues from time to time with Javascript, but browsers generally patch those asap. Code can be hidden in certain files, like graphics though. Cross-site scripting & cookies can cause problems, but staying away from dubious websites, not opening email from strangers or friends who don't follow safe practices, and using good anti virus should keep you out of the woods.

If you do get infected with a backdoor program (rootkit, etc), re-partition the discs and reinstall everything. Linux, though susceptible to these same issues, is much safer than Windows. Consider Ubuntu Linux which is easy to run and is free as is all the software you're likely to need.

HTML is dangerous...
by galika1080 / May 22, 2015 10:27 PM PDT
In reply to: Not quite..

HTML actually can hurt your computer. Javascripts can be embedded inside of it, and these can run on page open or when something is clicked.

This is completely false
by griz_fan / May 22, 2015 11:20 PM PDT
In reply to: HTML is dangerous...

Please - if you don't know what you are talking about, spend more time reading and less time posting. HTML can not hurt your computer. Javascript is not 'embedded inside of it'. HTML is not a programming language! Any malicious software would be a result of an action you took.

The best way to protect your computer's operating system and files from malicious software is education. BS like this is a massive step backwards.

Seriously, it is not that hard:

1. Keep your OS patched and updated
2. Keep your browsers patched and updated
3. Very critical - keep Flash and Java patched and updated!
4. Consider browser plugins/option settings that prevent Flash and Java from running automatically.
5. Windows users - MalwareBytes is excellent, worth the price.
6. Web of Trust is a great add-on. Also, Google will flag sites with malicious software, but there can be a delay here.

Finally - practice skeptical computing. It is 11 years old, but this Ars Technica article (http://arstechnica.com/security/2004/11/malware/) has great information on how to be a smarter computer user. So many exploits involve tricking inexperienced computer users into doing something dumb.

Oh - one last thing: learn to spot the difference between sound advice and BS.

Still Got Infected
by EBathory / May 23, 2015 2:52 AM PDT

I thought I had my PC wrapped up with levels of protection and have always been careful about downloading etc. Yet I believe there are sophisticated bad guys out there who have been advancing to an extent that no protection can keep up with them.

I began typing in a URL when I received a warning from MalwareBytes that the site was bad. In half a second I backed out of it. Then my troubles really started. Apparently in between typing the URL and the warning, the worst of the worst infected my PC--a bootkit. Total takeover from the moment I turned my PC on. It was as if other hands were typing. Wouldn't let me go into safe mode, and that was just the beginning. It was removed by Kaspersky TDSS killer.

The only way that malware reached my PC was in the split second between typing the URL and the malware warning. IMO the hackers are still ahead, and will always be. Tesla has asked Chinese hackers to see if they could remotely control one of their cars, and they did just that. As software spreads into other areas, you can bet it will attract ever more crooks and just plain thrill seekers. We can just do the best we can and keep our fingers crossed.

Very true EBathory!
by JCitizen / May 23, 2015 4:35 AM PDT
In reply to: Still Got Infected

But at least having as many layers of defense as you can will help survive the attack even if you get hit. As you have related also there are many tools that can help in the aftermath. Hitman Pro is another one, and as others may have posted ComboFix can also come into play. But for newbies it is better to use these things under instruction from a forum like bleepingcomputer or perhaps even CNET. My recommendation is always to run the rescue disk which you can burn on an uninfected machine called Kaspersky's Rescue Disc 10. Once you boot into that Linux environment, you can go to the Kaspersky site using the GUI of this format, and download your tools from the Kaspersky site. This can be accomplished by a newbie if they don't make things too complicated and watch the tutorials on YouTube.

I always recommend to my clients to have these tools ready before disaster strikes, and to have a backup made ahead of disaster. This can make recovery so much easier and less stressful. It doesn't hurt to practice running the disk even when not necessary just to get the hang of it - you may even find a rootkit that was hiding from you all that time. This rescue disk was not capable of wireless communication the last time I used it, so Ethernet will be necessary. The disk stores all updates in the root directory of your hard-drive, so don't be alarmed if it writes to the drive. It fares well to get them on there ahead of time, so you don't have to wait so long to download so many updates after disaster strikes. Unfortunately there will always be Advanced Persistent Threats (APT), that can morph at any instant and avoid detection. Sometimes it is advisable to wait at least 24 hours before starting the PC in the rescue environment, so you can kill all processes and update to the latest zero day definitions. It has been my experience to try this with MBAM's anti-rootkit, in safemode after updating and removing the machine from the network. MBAM's solution has a better chance of removing the worst bugs without damaging the boot sector, or system files. I also scan any backup files with Avast before I recover a machine that had to be repaired. Many times I've found the batch-file package from the original attack sleeping in the backup files, and removed it before finishing recovery.
