A few days ago, he asked me about a couple of sites he found on Craigslist. He knows not to click any links. He was going to type the URLs into his search engine. First though, he emailed me.
“Can you get a malicious virus just from going to a website?”
My experts at HiTechnique LLC, the company our BBB office uses for anti-virus protection, said: Maybe.
How it Works
Yes, it can happen, they told me, although it’s rare. The website itself is usually not the problem—the malware comes from resold advertisement space that’s been hijacked. Many sites don’t know where their advertisements are delivered from, thanks to a complex series of ad buyers and sellers. And every time a page loads, a different ad vendor is pulled together with the legitimate website.
A hijacked ad will have a code that can check, as soon as the site loads, to see what your computer’s vulnerabilities are. If it finds what it’s looking for, it will try to take advantage.
What about anti-virus software? Necessary, but hijacked ads delivering malware won’t usually be detected by it. Why not? Technically, this code payload is not a virus. It is malicious software. Usually it tries to disable your anti-virus software, then open up additional back doors to bring in spyware, additional malware and viruses. It can happen in seconds.
What if you’re searching for a site? If it’s new to you, you could hit into a spoofed, compromised, or hijacked site.
A Sept 21 blog by Becky Maier with the Pittsburgh BBB mentioned that blind searches for model Heidi Klum had a one in ten chance of leading to a website that could compromise your personal information.
Fortunately, major search providers like Google, Bing, and Yahoo are aware of these insecure sites and constantly create new ways to keep known malicious sites from appearing in their results.
It’s just like the battle doctors wage against viruses: A cat-and-mouse game where a mutation occurs, then the medicine to treat it, then another mutation.
- Running frequent Windows Updates
- Keep your anti-virus product up-to-date
- Be cautious with 3rd party software run times (Adobe Flash, Java, Shockwave, etc.)
End users (like myself) don’t typically keep these sites up to date. Malware code writers know they can exploit these vulnerabilities.
Remember: There is a wide variety of Internet crime. Stay as safe as you can by always approaching computer security with a “best practice methodology.” Don’t put off those anti-virus updates.
Thanks to Bert Freeman of HiTechnique, LLC for the technical information.