You never click on unknown links or ads when you visit websites.
You are vigilant in staying away from suspicious websites.
You practice safe browsing techniques.
You should be safe from a virus, right?
Are you really safe?
Can You Get A Virus From Visiting A Website?
Yes, you can get a virus from visiting a website.
A virus is one form of malware.
Malware is malicious code designed to interrupt the use of, take over the use of, or steal information from a victim device.
With each passing day and as technology continuously evolves, hackers are creating new methods of attack.
In fact, AV-ATLAS cited the identification of 880,500 new malware threats from February 1 to February 14, 2022.
How Do You Get A Virus From A Website?
Hackers are highly conscious of the increased awareness of cybersecurity.
Knowing this, hackers have developed ways to embed malware into seemingly safe websites to attack users.
An exploit kit is a toolset developed by hackers that places a set of scripts on a compromised website, or on a site the attacker sets up for the purpose.
These scripts probe the visitor's browser for weaknesses, exploit one that they find, and deliver a payload, often a remote access tool, or RAT, onto the web user's personal device.
Creators of exploit kits offer their products on the dark web for purchase or rent by hackers.
These kits are simple to use and install and do not require advanced technical knowledge to deploy.
A drive-by download is the unintentional download of malware to a web user's device.
Drive-by downloads are designed to be stealthy and to infect the device without the user knowingly doing anything beyond loading a page or clicking something that looks harmless.
Such downloads exploit vulnerabilities in applications, operating systems, or web browsers.
Once a drive-by download lands on a victim device, it delivers malware designed to take control of the device, steal information, or interrupt its usability.
Can You Get A Virus From A Web Browser?
Even the trusted web browser that you rely on to search the internet and visit websites can be an entry method for malicious code and malware.
Due to the massive number of people who use web browsers daily, browsers are popular targets for hackers.
How Can You Get Infected From A Web Browser?
Web browsers can be exploited through both known and zero-day vulnerabilities.
A browser is built from many components, among them the rendering engine, the JavaScript engine, the networking and TLS code, image and media decoders, and any plug-ins or extensions bolted on, and a vulnerability in any one of these components can be exploited by hackers to deliver malware or malicious code to web users.
1. Code Execution Exploits
Code execution exploits take advantage of a flaw in the browser's own code, or in a plug-in it loads, that lets attacker-controlled web content run code of the attacker's choosing on the user's device.
Once such a flaw is found, a hacker can hide the triggering code in a web page and use it to deliver malware to unsuspecting visitors.
That malware can be programmed to steal user information, send it to other locations, or take over the device.
Because ad networks serve third-party code into otherwise legitimate sites, the same exploit code is often distributed through malicious advertisements, so visiting a reputable site is no guarantee of safety.
2. Man-In-The-Middle Attacks
A man-in-the-middle, or MITM, attack is one in which a hacker positions themselves between the web browser and the hosting server and intercepts the traffic flowing between them.
Against HTTPS traffic the attacker has to terminate the encrypted connection themselves: they talk to the real server on the user's behalf and present the browser with a forged certificate for the site in place of the genuine one.
Certificates are how a server authenticates itself to the browser as the legitimate owner of the site name.
When the web browser receives the certificate, it checks that it was issued by a trusted certificate authority, that it is still within its validity period, and that it is valid for the name in the address bar.
If any of these checks fails, the web browser warns the user that the certificate is invalid (traffic over plain HTTP has no certificate at all, so interception there produces no warning whatsoever).
Despite this warning, however, many web users merely click the option to ignore it, without realizing that they may be handing the attacker every page, password, and cookie that follows.
Can You Get A Virus from Visiting A Website On Your Phone?
Yes, you can get a virus or malware on a phone by visiting a website.
Hackers have been known to embed malicious code, predominantly spyware, into compromised websites.
This code is designed to attack vulnerabilities in the mobile browser and the underlying operating system, such as iOS or Android.
Smartphones may also be infected by installing compromised apps, clicking on infected links in a mobile email, or clicking on links in SMS messages.
Another way a phone may be infected is by connecting it to another device that is already infected.
Unlike computer malware and viruses, the majority of phone-based malware is not designed to interrupt usage, but to silently steal information.
How To Protect Yourself From Viruses
After reading about all the tricky methods used to deliver malware to unsuspecting users, you may be wondering how you can possibly protect yourself from these threats.
Do not despair!
There are simple proactive measures that can be taken to minimize the threat of infection.
1. Update And Patch
Many hackers take advantage of known vulnerabilities in websites, browsers, and applications.
When a vulnerability is identified, it is cataloged by the CVE program, run by the MITRE Corporation, and issued an identifying number in the Common Vulnerabilities and Exposures, or CVE, list.
This list, sponsored by the Cybersecurity and Infrastructure Security Agency, or CISA, is the public reference catalog of known vulnerabilities.
When a vulnerability is disclosed, the developer of the affected product fixes the flaw and issues an update or patch; attackers read the same disclosures, so exploitation attempts typically rise in the days after a CVE is published, and an unpatched system is at its most exposed precisely then.
Always update and patch applications, operating systems, browsers, and programs promptly to protect yourself from these identified vulnerabilities.
Many programs offer automatic updates to reduce the hassle of updating and patching.
2. Upgrade Unsupported Software
As operating systems and programs progress, there comes a point when older versions reach end-of-life and are no longer supported by the developer.
This means that newly identified vulnerabilities will not be fixed, leaving the outdated operating system or program wide open to exploits that use them.
This is why upgrading is an important method of prevention.
It does not mean that you must upgrade every time a new version is released, however.
Most developers support a set number of previous versions, or support each version for a set number of years after launch.
For example, Microsoft's support timelines are published in the Microsoft Lifecycle Policy at https://docs.microsoft.com/en-us/lifecycle/.
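As an added example (not code from this article, and not tied to any real advisory), the following Python checks a software inventory against fixed-version and end-of-life data in the way the advice above implies. The product names, versions, advisories, and dates are all constructed; the version-comparison helper also shows the classic mistake of comparing version numbers as text.

```python
"""Check a software inventory against fixed-version and end-of-life data.

Added example, not code from the article. The advisory and inventory data
below are constructed for illustration; product names and versions are
hypothetical and do not refer to real advisories or products.
"""
import re
from datetime import date


def parse_version(text):
    """Split '1.10.3' into (1, 10, 3) so versions compare numerically.

    Comparing version strings as text is a classic bug: '1.9' > '1.10'
    lexically, but 1.10 is the newer release.
    """
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(installed, fixed_in):
    """True if the installed version predates the version that fixed the flaw."""
    return parse_version(installed) < parse_version(fixed_in)


def check_inventory(inventory, advisories, eol_dates, today):
    """Return (product, finding) pairs for everything that needs action.

    inventory:  {product: installed_version}
    advisories: list of {'product': ..., 'fixed_in': ...} (constructed here)
    eol_dates:  {product: date after which the vendor ships no more fixes}
    """
    findings = []
    for product, installed in inventory.items():
        eol = eol_dates.get(product)
        if eol is not None and today >= eol:
            # Nothing will ever be patched here, so individual advisories no longer matter.
            findings.append((product, f"end-of-life since {eol}: upgrade or remove"))
            continue
        for adv in advisories:
            if adv["product"] == product and is_vulnerable(installed, adv["fixed_in"]):
                findings.append(
                    (product, f"{installed} is older than fixed version {adv['fixed_in']}")
                )
    return findings


# Constructed sample data: hypothetical products, not real advisories.
SAMPLE_INVENTORY = {
    "ExampleBrowser": "98.0.4758",
    "ExamplePDFReader": "21.1.9",
    "LegacyPlugin": "11.2",
}
SAMPLE_ADVISORIES = [
    {"product": "ExampleBrowser", "fixed_in": "98.0.4758"},   # already at the fixed version
    {"product": "ExamplePDFReader", "fixed_in": "21.1.10"},   # 21.1.9 < 21.1.10 numerically
]
SAMPLE_EOL = {"LegacyPlugin": date(2020, 12, 31)}


def demo(today=date(2022, 2, 16)):
    return check_inventory(SAMPLE_INVENTORY, SAMPLE_ADVISORIES, SAMPLE_EOL, today)


if __name__ == "__main__":
    for product, finding in demo():
        print(f"{product}: {finding}")
```

Running it reports only the PDF reader (one release behind the fix) and the end-of-life plug-in; the browser is already at the fixed version. The same structure works against real data if you feed it your package manager's version list and the vendor's published fixed versions and lifecycle dates.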
3. Employ A Layered Approach
A layered approach is a cybersecurity method that involves using multiple protection methods to increase security.
By layering these protection methods, you are more likely to catch potential threats that a single method may miss.
Many tools can be used in conjunction with one another to add multiple layers of protection to your system.
A. Anti-Malware Or Antivirus
Invest in robust anti-malware or antivirus software.
The two terms are now largely interchangeable: "antivirus" is the older name, and any modern product worth buying detects the full range of malware, not just classic viruses.
When choosing an anti-malware or antivirus program, look for one that offers protection against known malware threats, provides heuristic behavioral analysis to identify unknown threats, and is regularly updated to include newly found malware.
B. Adblockers
Malvertising is the practice of embedding malicious code inside advertisements and pushing them through legitimate ad networks (even large, reputable ones such as AdSense) so that they appear on otherwise trustworthy sites.
An adblocker is a piece of software that stops ads, and the third-party scripts behind them, from loading on your device, so a malicious ad never gets the chance to run.
Adblockers can be browser plug-ins, or they can be included in cybersecurity products such as VPNs or antivirus and anti-malware suites.
C. Anti-Exploit Software
Anti-exploit software is designed to block the common techniques hackers use to turn a software bug into running code, such as the memory-corruption tricks that browser exploits rely on.
This differs from anti-malware and antivirus software: anti-exploit tools stop the attack method itself, so the device is never exposed to the payload, whereas anti-malware and antivirus software inspect and quarantine malware that has already arrived.
4. Heed Browser Certificate Warnings
While it is extremely easy to ignore certificate warnings, doing so can expose you to malware and to interception of everything you send to the site.
A certificate warning appears when the browser cannot validate a website's certificate: it may be expired, issued by an authority the browser does not trust, or issued for a different site name.
This can be a sign of a MITM attack or of a fake website posing as a legitimate one, although it is sometimes just a misconfigured server; you cannot tell which from the warning alone.
While you can ignore the warning and continue to the site, doing so is not recommended and can open the door to hackers.
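The checks described in the man-in-the-middle section above and in this one, as an added Python example that is not the article's own code and not any browser's: certificates are modelled as plain objects with constructed names, dates, and issuers rather than real X.509 structures, and validate returns the warnings a browser would raise. Real browsers do more (chain building, revocation, Certificate Transparency), but these three checks are what produce the warnings users click through.

```python
"""Model of the checks a browser runs on a server certificate before trusting it.

Added example, not code from the article or from any browser. Certificates are
plain Python objects; the trust store, names, dates, and issuers below are
constructed for the demo.
"""
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Cert:
    subject_names: tuple    # DNS names the certificate claims (Subject Alternative Names)
    issuer: str             # who signed it
    not_before: datetime
    not_after: datetime


def name_matches(pattern, hostname):
    """RFC 6125-style matching: '*.example.com' covers 'www.example.com' but
    not 'example.com' or 'a.b.example.com'; the wildcard must be the whole
    left-most label. Comparison is case-insensitive."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if not pattern.startswith("*."):
        return pattern == hostname
    suffix = pattern[1:]                      # ".example.com"
    if not hostname.endswith(suffix):
        return False
    leftmost = hostname[: -len(suffix)]
    return leftmost != "" and "." not in leftmost


def validate(cert, hostname, trusted_issuers, now):
    """Return the list of warnings; an empty list means the browser would accept it."""
    warnings = []
    if cert.issuer not in trusted_issuers:
        warnings.append("issuer not trusted (self-signed or unknown CA)")
    if not (cert.not_before <= now <= cert.not_after):
        warnings.append("certificate expired or not yet valid")
    if not any(name_matches(n, hostname) for n in cert.subject_names):
        warnings.append(f"certificate is not valid for {hostname}")
    return warnings


# Constructed data: a hypothetical trust store and three certificates.
TRUSTED = {"Example Root CA"}
NOW = datetime(2022, 2, 16)

GOOD = Cert(("*.example.com",), "Example Root CA",
            datetime(2021, 6, 1), datetime(2022, 6, 1))
# What an interception proxy typically presents: the right name, the wrong signer.
MITM = Cert(("www.example.com",), "Attacker Proxy CA",
            datetime(2022, 1, 1), datetime(2023, 1, 1))
# A genuine certificate for one site, served from a look-alike host.
WRONG_NAME = Cert(("www.example.com",), "Example Root CA",
                  datetime(2021, 6, 1), datetime(2022, 6, 1))


def demo():
    return {
        "good": validate(GOOD, "www.example.com", TRUSTED, NOW),
        "mitm": validate(MITM, "www.example.com", TRUSTED, NOW),
        "wrong_name": validate(WRONG_NAME, "www.examp1e.com", TRUSTED, NOW),
    }


if __name__ == "__main__":
    for case, warnings in demo().items():
        print(case, "->", warnings or ["OK"])
```

The MITM case is the one the warning is there for: the certificate names the right site and is in date, and the only thing wrong with it is that nobody the browser trusts signed it. Clicking through the warning accepts exactly that certificate.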
5. Remove Unnecessary Software
Cleaning up your programs and applications can decrease the likelihood of infection.
Periodically evaluate the programs and applications installed on your device and remove any that you no longer use or are no longer supported.
The more applications and programs you keep on your device, the more you must keep patched and updated.
Software that is no longer supported should also be removed since it no longer offers updates for protection against known threats.
6. Look For HTTPS Sites
When browsing the internet, prefer HTTPS sites.
HyperText Transfer Protocol, or HTTP, is the protocol a browser uses to exchange data with a website, and on its own it sends everything in the clear.
HTTPS, or HTTP Secure, is HTTP carried over transport layer security, or TLS, which encrypts the traffic and lets the browser verify the server's certificate.
This protects the data in transit from eavesdropping and tampering; it says nothing about whether the site itself is trustworthy, and a malicious or phishing site can have a perfectly valid HTTPS certificate.
You can see if a website is running on HTTPS by looking for https:// at the start of the web address.
Most web browsers also show a padlock icon beside the address; a crossed-out padlock or a "Not secure" label means the page, or something on it, was loaded without HTTPS.
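Added Python example, not from the article: what "HTTPS" requires on the client side, using the standard ssl module to build a correct TLS client configuration beside the deliberately weakened one that too much software ships with. Nothing here connects to the network; audit_context reports the settings that would let a man-in-the-middle succeed without any warning. The weak configuration is the programmatic equivalent of clicking through a certificate warning on every connection.

```python
"""Strict versus weakened TLS client settings, audited offline.

Added example, not code from the article. Only ssl.SSLContext objects are built;
no connection is made.
"""
import ssl


def make_strict_context():
    """The settings a client should use: verify the chain against the system trust
    store, check the hostname, and refuse TLS versions older than 1.2."""
    ctx = ssl.create_default_context()          # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def make_weak_context():
    """The 'just make the error go away' configuration. Traffic is still encrypted,
    but any certificate, including an attacker's forged one, is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False                  # must be disabled before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx):
    """Return the list of problems that would let a MITM succeed silently."""
    problems = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("certificate verification disabled: any certificate is accepted")
    if not ctx.check_hostname:
        problems.append("hostname check disabled: a certificate for another site is accepted")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        # Python 3.10+ defaults to TLS 1.2 here; older builds allow TLS 1.0/1.1 unless told not to.
        problems.append("legacy TLS versions allowed")
    return problems


if __name__ == "__main__":
    print("strict:", audit_context(make_strict_context()) or ["OK"])
    print("weak:  ", audit_context(make_weak_context()))
```

The point of the audit is that encryption alone is not what makes HTTPS safe: with verification off, the connection is encrypted to whoever answered, and in a MITM attack that is the attacker.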
7. Practice Safe Browsing
To practice safe browsing, the key is awareness.
Be aware of the websites you are visiting.
Try and avoid websites that are suspicious or are common targets for hackers, such as pornography sites.
Be aware of and try to avoid falling for clickbait.
Clickbait is content designed to attract a web user’s attention to encourage the user to click on the attached link.
Try and avoid clicking on pop-up ads.
If a particularly enticing product appears, instead of clicking on the provided link, go directly to the website on which the product is offered.
This will reduce the chances of clicking on a fake link that is infected with malware.
Be aware of suspicious links on websites.
These links may lead to fake sites or may trigger drive-by downloads.
8. Back Up Your Data
If the worst should happen and all of your attempts to protect your device have failed, it is important to have your data backed up to a separate location.
The backup can be a separate hard drive, or you can use the cloud for data backup; either way, keep the backup disconnected from the device, or otherwise out of its reach, when not in use, because ransomware will encrypt any backup drive it can see.
Complete backups should be done periodically, and incremental backups, which capture only what has changed since the last backup, should be done regularly between full backups.
If you do fall victim to malware, you can return your data to a previous clean point in time by restoring the last full backup plus the incremental backups taken before the infection.
This will minimize the amount of data you lose.
If the malware is especially vicious, a full backup lets you completely wipe your system and restore it to the configuration stored in the backup.
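How full and incremental backups fit together, and why restoring to the right point matters, as an added Python example that is not the article's own code. It backs up a directory into a content-addressed store (one blob per distinct file content), records a manifest per snapshot, and restores to a chosen snapshot. The scenario in demo is constructed: a full backup, an edit followed by an incremental, then ransomware-style damage that a later incremental faithfully captures, and a restore to the last clean snapshot. Everything runs inside a temporary directory.

```python
"""Full and incremental backups with point-in-time restore.

Added example, not code from the article. A full snapshot stores every file;
an incremental one stores only files whose content changed since the previous
snapshot. Because an incremental manifest still refers to blobs stored by
earlier snapshots, the full backup must be kept for the incrementals to be
restorable.
"""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def _digest(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()


def _scan(root):
    """Map every file under root (relative path) to the hash of its content."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): _digest(p) for p in root.rglob("*") if p.is_file()}


def snapshot(src, backup_root, full=False):
    """Take a snapshot; returns (index, kind, files_copied)."""
    src, backup_root = Path(src), Path(backup_root)
    snaps_dir, blobs_dir = backup_root / "snapshots", backup_root / "blobs"
    snaps_dir.mkdir(parents=True, exist_ok=True)
    blobs_dir.mkdir(parents=True, exist_ok=True)
    existing = sorted(snaps_dir.glob("*.json"))
    if not existing:
        full = True                      # the first snapshot is always full
    previous = {} if full else json.loads(existing[-1].read_text())["state"]
    state = _scan(src)
    copied = sorted(rel for rel, h in state.items() if previous.get(rel) != h)
    for rel in copied:
        blob = blobs_dir / state[rel]
        if not blob.exists():            # identical content is stored only once
            shutil.copy2(src / rel, blob)
    index = len(existing)
    manifest = {"kind": "full" if full else "incremental", "state": state}
    (snaps_dir / f"{index:04d}.json").write_text(json.dumps(manifest))
    return index, manifest["kind"], copied


def restore(backup_root, index, dest):
    """Rebuild the tree exactly as recorded in snapshot `index`. Files that did not
    exist at that point (including anything the infection added) are not recreated."""
    backup_root, dest = Path(backup_root), Path(dest)
    manifest = json.loads((backup_root / "snapshots" / f"{index:04d}.json").read_text())
    if dest.exists():
        shutil.rmtree(dest)
    for rel, h in manifest["state"].items():
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(backup_root / "blobs" / h, target)
    return _scan(dest)


def demo():
    """Constructed scenario: clean full backup, one edit plus an incremental,
    then ransomware-style damage, then restore to the last clean snapshot."""
    with tempfile.TemporaryDirectory() as tmp:
        home, backups, out = Path(tmp, "home"), Path(tmp, "backups"), Path(tmp, "restored")
        home.mkdir()
        (home / "notes.txt").write_text("day one\n")
        (home / "photo.jpg").write_bytes(b"\xff\xd8 constructed image bytes")
        first = snapshot(home, backups, full=True)          # index 0: everything copied
        (home / "notes.txt").write_text("day two\n")
        second = snapshot(home, backups)                    # index 1: only notes.txt copied
        (home / "notes.txt").write_text("ENCRYPTED\n")      # the infection
        (home / "photo.jpg").write_bytes(b"ENCRYPTED")
        (home / "RANSOM_NOTE.txt").write_text("pay up\n")
        third = snapshot(home, backups)                     # index 2 captures the damage too
        restored = restore(backups, 1, out)                 # go back to the last clean point
        return {
            "kinds": (first[1], second[1], third[1]),
            "incremental_copied": second[2],
            "restored_files": sorted(restored),
            "notes": (out / "notes.txt").read_text(),
            "photo": (out / "photo.jpg").read_bytes(),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

Two things the demo makes concrete: the most recent backup is not automatically the one you want, because a backup taken after the infection preserves the damage just as faithfully as it preserved your files; and the backup store itself has to be somewhere the malware cannot reach, or the blobs directory would be encrypted along with everything else.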
How Do Exploit Kits Work?
Exploit kits are designed to follow three specific steps to gain access to a vulnerable user device.
- Step 1: First, the exploit kit needs a landing page. This is the first page under the attacker's control that the victim's browser loads, and it can sit on a compromised legitimate website or on a site built specifically to lure users in. A vulnerable website is one with a known or unknown security flaw that lets the attacker inject their own scripts into it. If the attacked website is a legitimate site, the injected code redirects the browser to the kit's landing page without the user's knowledge, usually through a hidden iframe or script, so the user keeps seeing the legitimate page and has no reason to suspect anything.
- Step 2: Once the landing page is loaded, the exploit kit runs code that probes the web user's browser, and the software the browser loads, for vulnerabilities. The classic targets were browser plug-ins and components such as Adobe Flash Player, Adobe Reader, Java (the Java Runtime Environment, from Sun and later Oracle), Microsoft Silverlight, and Internet Explorer itself. Several of these, Flash and Silverlight among them, are now end-of-life and modern browsers no longer load them, so current kits concentrate on vulnerabilities in the browser and operating system. If no vulnerability is found on the web user's device, the exploit kit stops. When an exploit kit does find a vulnerability, it continues to the next step, payload delivery.
- Step 3: After the vulnerability is exploited, the exploit kit delivers a payload. A payload can take the form of a file downloader or an encrypted binary. A file downloader either fetches the actual malware from another location or carries the malware inside itself.
With an encrypted binary, the payload travels over the internet in encrypted form, so network security tools cannot inspect it, and is decrypted on arrival on the victim's device.
Payloads can include ransomware, Trojans, botnet malware, or information-stealing programs.
Each of these malware types is designed to gain control over a victim device to either steal information, remotely control the device, or gain profit.
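The three-stage chain described above is also what a defender looks for in traffic logs. The following Python is an added example, not code from the article or from any product: it walks a web proxy log and flags any client whose requests show an HTML page, then an exploit-type object fetched from a different host within a short window, then a binary download. The log format, the hostnames, and every line in SAMPLE_LOG are constructed for the demo; the field order is timestamp, client, method, URL, status, content type, referer.

```python
"""Spot the exploit-kit chain (landing page, probe, binary payload) in proxy logs.

Added example, not code from the article or any product. The log format and
the lines in SAMPLE_LOG are constructed; the hostnames are hypothetical.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Content types that mark step 2: an object aimed at a plug-in or document reader.
EXPLOIT_TYPES = {
    "application/x-shockwave-flash",   # Flash
    "application/java-archive",        # Java
    "application/x-silverlight-app",   # Silverlight
    "application/pdf",                 # Adobe Reader
}
# Content types that mark step 3: a binary payload being fetched.
PAYLOAD_TYPES = {"application/octet-stream", "application/x-msdownload", "application/x-dosexec"}
WINDOW = timedelta(seconds=60)         # maximum gap between consecutive stages

SAMPLE_LOG = """\
2022-02-16T10:00:01 10.0.0.5 GET http://news.example/article.html 200 text/html -
2022-02-16T10:00:02 10.0.0.5 GET http://cdn-stat.example/gate.php 200 text/html http://news.example/article.html
2022-02-16T10:00:03 10.0.0.5 GET http://cdn-stat.example/land.html 200 text/html http://cdn-stat.example/gate.php
2022-02-16T10:00:04 10.0.0.5 GET http://cdn-stat.example/x.swf 200 application/x-shockwave-flash http://cdn-stat.example/land.html
2022-02-16T10:00:06 10.0.0.5 GET http://cdn-stat.example/u.php?id=1 200 application/octet-stream -
2022-02-16T10:05:00 10.0.0.9 GET http://news.example/article.html 200 text/html -
2022-02-16T10:05:01 10.0.0.9 GET http://news.example/style.css 200 text/css http://news.example/article.html
2022-02-16T10:30:00 10.0.0.9 GET http://downloads.example/tool.exe 200 application/octet-stream http://downloads.example/
"""


def parse_line(line):
    ts, client, _method, url, _status, ctype, _referer = line.split()
    return {"time": datetime.fromisoformat(ts), "client": client,
            "host": urlsplit(url).hostname, "ctype": ctype.lower()}


def first_chain(recs):
    """Return (page_host, exploit_host, payload_host) for the first chain found in
    one client's time-ordered requests, or None.

    Stage 1 is any HTML page; stage 2 is an exploit-type object served from a
    different host within WINDOW (the silent redirect to the kit's own server);
    stage 3 is a binary download within WINDOW of stage 2.
    """
    for i, page in enumerate(recs):
        if page["ctype"] != "text/html":
            continue
        for j in range(i + 1, len(recs)):
            probe = recs[j]
            if probe["time"] - page["time"] > WINDOW:
                break
            if probe["ctype"] not in EXPLOIT_TYPES or probe["host"] == page["host"]:
                continue
            for k in range(j + 1, len(recs)):
                payload = recs[k]
                if payload["time"] - probe["time"] > WINDOW:
                    break
                if payload["ctype"] in PAYLOAD_TYPES:
                    return page["host"], probe["host"], payload["host"]
    return None


def detect_chains(lines):
    """Map client -> chain for every client whose traffic shows all three stages."""
    by_client = defaultdict(list)
    for line in lines:
        if line.strip():
            rec = parse_line(line)
            by_client[rec["client"]].append(rec)
    alerts = {}
    for client, recs in by_client.items():
        recs.sort(key=lambda r: r["time"])
        chain = first_chain(recs)
        if chain:
            alerts[client] = chain
    return alerts


if __name__ == "__main__":
    for client, (site, kit, payload) in detect_chains(SAMPLE_LOG.splitlines()).items():
        print(f"{client}: {site} -> exploit object from {kit} -> payload from {payload}")
```

On the sample, 10.0.0.5 is flagged with news.example as the page that started the chain, while 10.0.0.9, who read the same article and downloaded a program half an hour later with no probe stage in between, is not. Because the plug-ins in EXPLOIT_TYPES are largely gone from modern browsers, a current version of this rule would treat a cross-host HTML landing page as stage 2 instead, at the cost of more false positives to tune out.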
How Does A Drive-By Download Infect You?
There are two ways a drive-by download gets onto a web user's device: with the user's unwitting authorization, or with no authorization at all.
An authorized drive-by download tricks the user into taking what they think is a safe or legitimate action.
For example, a drive-by download can be attached to a link on a webpage.
When the infected link is clicked, it activates the download without the web user realizing what they just authorized.
These links may be in the form of pop-up ads or fake security alerts, or the download can even be triggered by the act of closing a pop-up window.
A drive-by download can also be delivered as a Trojan.
A Trojan is a form of malware that disguises itself as a legitimate program.
When the user downloads the program, the Trojan comes with it: the user consented to the download without knowing what it contained.
Unauthorized drive-by downloads are planted on vulnerable websites and are delivered simply by visiting an infected site.
Unauthorized downloads are designed to be discreet.
An unauthorized drive-by download gets its malicious code onto a website by taking advantage of security flaws in the website's software or infrastructure, and from there onto visitors by exploiting flaws in their browsers.
These security flaws may be publicly known or may be zero-day vulnerabilities.
A zero-day vulnerability is one that the vendor and defenders do not yet know about, so no patch exists for it while attackers are already using it.
CVE Website. https://www.cve.org/. Accessed 16 Feb. 2022.
Microsoft. “Exploits and Exploit Kits.” Windows Security, Microsoft Docs, https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/exploits-malware. Accessed 16 Feb. 2022.
Unit 42. Exploit Kits: Getting in by Any Means Necessary. Palo Alto Networks, 2016, https://www.paloaltonetworks.com/apps/pan/public/downloadResource?pagePath=/content/pan/en_US/resources/research/exploit-kits.
Grosskurth, Alan, and Michael Godfrey. A Reference Architecture for Web Browsers. University of Waterloo, https://grosskurth.ca/papers/browser-refarch.pdf. Accessed 15 Feb. 2022.
AV-TEST Institute. “AV-ATLAS.” https://portal.av-atlas.org/. Accessed 16 Feb. 2022.
Microsoft. “Microsoft Lifecycle Policy.” Microsoft Docs, https://docs.microsoft.com/en-us/lifecycle/. Accessed 16 Feb. 2022.
“Top Five Vulnerabilities Attackers Use Against Browsers.” IT Business Edge, 12 Jan. 2022, https://www.itbusinessedge.com/security/top-five-vulnerabilities-attackers-use-against-browsers/.
“What Is a Drive by Download.” Kaspersky, 9 Feb. 2022, https://www.kaspersky.com/resource-center/definitions/drive-by-download.