Can you get a virus/malware just by visiting a website?
Posted: Sat Feb 06, 2021 11:50 am
Malware/virus can't infect my computer unless I open the file, right?
Yes, it's entirely possible to get infected by simply visiting a website. Most commonly this happens via what we call "Exploit Kits". Right now, EKs are used to deliver a lot of dangerous malware (such as banking trojans and Cryptoware) to computers worldwide.
If the file pushed onto your system is already known to your antivirus or antimalware (in its database), then it's detectable. If it's not, the product won't do anything. And we all know that no product has a 100% detection ratio. There is no antivirus software that can detect all malware in the world. Some antivirus programs can detect things that others still can't.
Such attacks are called "drive-bys" or "exploits" and commonly target the Java, Flash and Silverlight plugins as well as Adobe Reader and the Internet Explorer browser. Exploits can also attack media player software and all the other common browsers (Chrome, Firefox and all the rest). Fortunately there are some ways to make it much harder for drive-by attacks to infect you.
Even if it's well-known malware, cybercriminals can use a packer (read: encrypt the malware) to make it FUD (fully undetectable) to antivirus and antimalware software that rely on signatures. This can be defeated by the use of behavioral analysis (Emsisoft's Behavior Blocker), sandbox (Sandboxie, Comodo Internet Security's Defense+) or rollback (Kaspersky's System Watcher).
Users are 21 times more likely to get hit with malware from online shopping sites and 27 times more likely with a search engine than if they'd gone to a counterfeit software site, according to Cisco.
If it is downloaded, wouldn't Chrome, for example, show the file downloading in the download bar? Also, how can it execute by itself?
It uses exploits to download and execute undetected. Malware exploit files are small, only a few kilobytes. If you have download speeds of 0.5 Mb per second, they would download so fast that there wouldn't even be time to show a "downloading" bar. Exploits also do not download in the same way as normal file downloads: they take other routes, so the browser doesn't count them as downloads or put them into any download history it keeps. The self-execution of exploit files happens because of the exploit methods, which basically let them bypass normal downloading and opening entirely: they download themselves and immediately run themselves.
What to do to secure my computer?
Always make sure your browser is up to date, and the plugins within your browser as well. Updates to browsers and plugins patch vulnerabilities, so an old, un-updated browser will be vulnerable to most exploits in use, while an up-to-date browser will not be vulnerable to recently developed exploits. IE is the most vulnerable; Firefox and Chrome are both far more secure, but neither is perfect.
Deactivate all your plugins or set them as "click to play". Loads more exploits exist which attack Flash, Java and Silverlight, compared to the lower (but still terrifyingly large) number of exploits which target the browsers themselves. If you disable the plugins you don't use, and set those you sometimes use as "click to play" or "ask to activate", then exploits which attack plugins are less of a danger to you. Firefox makes it easy to disable plugins or set them as "ask to activate". Chrome also makes it fairly easy; these days you do this by going to "sandwich button"-->settings-->show advanced settings-->content settings-->let me choose when to run plugin content. I don't know if IE lets you disable plugins like this or set them only to run when you approve them.
Run a scriptblocker. This will protect you from exploits on the page you are visiting, and from exploits on other domains which are trying to load content onto the page you are on (which the script blocker will stop). A scriptblocker also blocks adverts as a side effect, although you might want to run an adblocker alongside it as well. NoScript is a script blocker for Firefox.
https://en.wikipedia.org/wiki/NoScript
A scriptblocker like NoScript should make drive-bys impossible when you have it turned on, but sometimes you will need to allow some things through it for parts of a page (videos mostly) to work. If you only allow things from very trustworthy domains, it will keep you extremely safe. A scriptblocker prevents exploits before they can begin; it's an "anything the user doesn't allow deliberately is by default forbidden" type of security solution.
Run some sort of specialised anti-exploit protection. Malwarebytes Anti-Exploit (MBAE) does this; it is a free program which blocks common exploit methods. This means that it can protect against unknown viruses, because it blocks anything that looks like an exploit without needing to worry about precisely what the payload is. This sort of program acts as a layer "behind" your browser, whereas things like NoScript and adblockers act as layers "in front" of your browser. MBAE works well in combination with NoScript and Firefox.
Keep your antivirus running as it is, and run a real-time protection antimalware alongside it if you can. An antivirus and antimalware act as another layer behind any specialised anti-exploit protection you have.
For further protection you can also run whitelisting software, which prevents any exe file which you have not previously approved from being able to execute.
The key thing with protecting yourself from exploits is to use "anything not allowed by the user is forbidden" types of security as well as the standard method an antivirus uses, "anything not matching this database of known nasties is allowed". Things like NoScript and MBAE, as well as whitelisting programs, use this first method and therefore don't need to recognise every virus; they just stop anything which the user doesn't choose to allow. A brand new virus would not be recognised by antivirus and antimalware programs, but it wouldn't be able to infect a NoScript user unless they allowed the object or script delivering it to run, and it wouldn't be able to infect an MBAE user unless it was using some utterly new and unrecognised exploit method. If you follow all the suggestions mentioned here, being exploited should be impossible. Note that you still need your antivirus running as well, because MBAE and NoScript won't protect you from files you do deliberately open and run.
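The difference between the two models described above, as an added example that is not part of the original post: a signature database (default-allow) and an approved list (default-deny) give verdicts on the same files, and a script-blocker style host list does the same for script URLs. It assumes a signature is an exact SHA-256 match, that re-encoded bytes stand in for a packed copy, and that the hosts `video.example` and `ads.example` and all sample contents are constructed.

```python
import hashlib
from urllib.parse import urlsplit

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed stand-ins for file contents; none of these are real programs.
KNOWN_BAD = b"constructed sample: program already in the signature database"
# Same content behind a different byte encoding, standing in for a packed copy.
REPACKED = b"stub:" + bytes(b ^ 0x5A for b in KNOWN_BAD)
EDITOR = b"constructed sample: editor the user approved"
NEW_TOOL = b"constructed sample: harmless tool the user has not approved yet"

SIGNATURE_DB = {sha256(KNOWN_BAD)}  # default-allow: block only what is listed
APPROVED = {sha256(EDITOR)}         # default-deny: run only what is listed

def signature_verdict(data: bytes) -> str:
    """Antivirus-style check: anything not in the database is allowed."""
    return "block" if sha256(data) in SIGNATURE_DB else "allow"

def allowlist_verdict(data: bytes) -> str:
    """Whitelisting-style check: anything not approved is blocked."""
    return "allow" if sha256(data) in APPROVED else "block"

# Hypothetical per-user list of script hosts, in the style of a script blocker.
TRUSTED_SCRIPT_HOSTS = {"video.example"}

def script_verdict(url: str) -> str:
    """Exact host match only, so look-alike hosts are not trusted."""
    host = (urlsplit(url).hostname or "").lower()
    return "allow" if host in TRUSTED_SCRIPT_HOSTS else "block"

def compare() -> dict:
    """Return (signature verdict, allowlist verdict) for each sample."""
    samples = {"known_bad": KNOWN_BAD, "repacked": REPACKED,
               "editor": EDITOR, "new_tool": NEW_TOOL}
    return {name: (signature_verdict(d), allowlist_verdict(d))
            for name, d in samples.items()}

if __name__ == "__main__":
    for name, (sig, allow) in compare().items():
        print(f"{name:10} signature={sig:5} allowlist={allow}")
    for url in ("https://video.example/player.js", "https://ads.example/x.js"):
        print(url, script_verdict(url))
```

The `new_tool` row shows the cost of default-deny: a harmless but unapproved file is blocked until the user adds it.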