Knowing for sure if a website is legitimate, safe, and free of malware will help to protect your data and privacy as a technology user. You can perform several cursory checks that can help you determine the safety of any given website. Some indicators may be obvious while others are stealthy
Examining the URL, presence of a padlock icon next to URL, “non-secure website ahead” or similar window when trying to enter a site, and multiple pop-ups displayed. Other more serious indicators can include drive-by downloads, malicious redirects, pop-ups, audio or video playing, and several others.
It is important to note that there are several websites that may have an expired SSL certificate (http domain) that aren’t malicious. You won’t know this until you either access these sites or research them prior to entering them.
In order to facilitate a safe browsing environment for you and those around you, a solid foundation of browsing security will help you achieve that.There are precursor actions that you can do before accessing any given website. If you choose to access a particular website with or without doing these checks, there are more serious indicators of a malicious site. In this article you will see several examples!
What is a malicious web page?
A malicious website is a web page that has been reported as having malware present or installed on the user’s machine as a direct result of accessing it. A malicious website will almost always have an http URL prefix…
Malware infected sites will usually have a lot of advertisement pop-ups, redirects to more malicious pages/downloads, and eventually can lead to system compromise. There are many websites that host common types of information that are malicious.
If you are wanting to visit a website that you aren’t sure about, a safe website checker is a great resource to use. These sites compare the URL you input to many malware scanning sites that will compare the saved malicious URL’s with the one you type in.
You will see the results of the scan within seconds! It is very fast and it reliable as well; I would highly recommend using this feature. Notice these website checking tools all have the HTTPS padlock, that is a good sign.
Some safe website checkers are:
Scanvoid.net
Safeweb.norton.com
URLvoid.com
As you can see, not every safe site checker is created equal. Yes piratebay.org isn’t in itself malicious however, redirects are common on the site not to mention the troves of pirated digital material available for torrent download. A very important thing to remember is that if software, ebooks, games, media etc. is available for free download then there is a risk of embedded malware.
It is very common to install spyware, adware, or other malware on your system originating from a harmless looking Finding Nemo HD download. On a separate note, scanning a web page that doesn’t have the https padlock before accessing the page can save you a lot of trouble later should that page turn out malicious.
Remember that threats don’t just come in the form of malicious downloads; web sites themselves can compromise your browser, capture credentials, steal session cookies, log browser history, and more. Malicious pages can also transfer dangerous files to your system.
Some of the most common places that these malicious sites are found are on domains that host adult, illegal, or non-legit shopping sites. You can usually see a lot of ads and pop-ups come on your window that match the content for the website you are on.
For example, if you are on a gambling website, you may see a bunch of pop-ups claiming you are the 1,000,000th winner, click to claim your prize! OR click here to enter into the 4 billion dollar jackpot! Similarly if you are on a porn website you may see lots of pop-ups that reference live cams, a link to Snapchat/Tinder etc. for hookups.
Here are some ways malicious pages pose a threat to you!
Adware
Adware is essentially an ad that if clicked on will direct you to the website hosting that service or product. The ads that you may see in adware may be legitimate like an Amazon ad to a saucepan. The reason for adware is the same as regular ads on websites; money.
Every time that advertisement is clicked on, revenue is generated for the developer/web host. Adware is a much more intrusive and aggressive form of advertisement. Adware is sketchy at the very least and it is cause for much concern. Browser history, search history, and open tabs can determine what type of ads the adware will display.
Adware is very common on browsers and computers. A large number of adware is found on websites and it isn’t necessarily malicious in itself; rather it is more annoying. You can remove adware if it infects your browser by removing it from your browser in the settings.
If the adware is on your machine you will have to go into your program files and uninstall it; a machine reboot may be required afterwards. I would also recommend running a malware scan to grab anything else the adware may have sneakily installed.
Adware can display itself in a variety of ways, from an Ebay ad for a computer part to a “you’ve won the lottery” window. There are many different types and they may be different depending on the adware author.
If you choose to click inside the pop-up windows then a variety of things could happen. Adware is often the catalyst for malware. Adware can host a variety of other threats like trojans, spyware, viruses etc. Needless to say, once detected, adware should be swiftly removed from the affected browser or system.
Pop-ups
Pop-ups have a bad reputation generally because they are associated with adware. This is true to a certain extent. However, they aren’t all by themselves bad. Many websites use pop-ups for chats, subscription deals on first sign up, or other marketing uses. The picture below shows an example of a popup.
I was using Microsoft Edge at the time and had no popup blockers on. A few seconds after the page fully loaded, this little guy appeared for me. This is a non-malicious pop-up and isn’t adware either; just an example of safe pop-up. You also have to look at the type of pop-up and how it is relevant to the type of website you are visiting.
You might become suspicious if you happen to see a chat window pop-up in the middle of your screen while accessing, say, a web page that’s not on an ecommerce site. Usually chat windows are associated with customer service which means that customers are exchanging payment information and making purchases.
Pop-ups can be considered adware if it is unwanted. Many programs and websites use pop-ups to display the requested content. A good example of a pop-up that you would want to see is an educational institute’s student portal with embedded videos. If pop-ups are disabled then you won’t see the content.
You will get a notification saying that you must disable your pop-up blocker to view this content or similar notification. If you see this message on a legitimate site then you are safe to disable it. I personally use some popup blocker browser extensions that work very well.
Again, like adware pop-ups (unwanted) can show up in your browser or system desktop. Additional adware or pop-ups may have system themed windows that prompt you to update your antivirus.
You can disable pop-ups by going to your internet settings!
Fake/lookalike sites
Fake sites are found a lot in spam links from emails. Malicious actors will make a lookalike/fake website that is identical in looks to a real site. When the user clicks on an email from usersupport@gooqle.com, they aren’t paying attention to the typo from the sender (more on this later).
Upon being directed to the web page, usually a login page, the user will see the familiar login layout and input their credentials. Once the login button is initiated the user is presented with a page not found or similar message. What the victim doesn’t realize is that they have input their real credentials into a dummy site.
The attackers on the other end now possess that user’s credentials for that particular account. This is why it is so very important to pay attention to the email domain and look for signs that it may or may not be safe.
Fake domains are created as well. Pay attention to the sender of the email, the email address can be very long, contain special characters in weird orders, and typos. You can also research the email address by running it on a search engine to determine its legitimacy.
Malicious redirects
Freeware, software that is free and often downloaded from a less than legitimate website with ‘strings attached,’ is a common trojan for browser hijacker malware. A browser hijacker works by inputting entries in the system’s host file. The host file will now contain malicious entries for the IP addresses and domain names that you will be redirected to.
A hijacked browser can have several odd looking toolbars and extensions that you didn’t know you installed. Browser hijackers can set the default browser home page to something malicious as well. Upon clicking your browser icon you may be immediately redirected to a site hosting troves of adware.
Motivations for malicious redirects are usually revenue. The traffic that you are giving the developer generates money for them even though you are getting screwed in the process! Revenue isn’t the only result of these redirects; dangerous malware is often installed on the victim’s computer as well.
A driveby download is a type of attack in which malware is downloaded in the background of the users system without them knowing. This can be had with a variety of ways such as: malware already residing on the system which forces the user to download additional malware when browsing, links in emails from an outdated browser, visits to a compromised website (you may not be able to tell).
Clickjacking is another sneaky attack. Clickjacking tricks the user into clicking on some part of the web page that is perceived to be safe like a picture or something. Through JavaScript and HTML frames, clickjacking developers embed malware to download and malicious site links in those frames.
This is a very sneaky attack so keep you system, browsers, and accounts up to date and secure! You can disable Javascript and use the NoScript browser extension which can mitigate clickjacking attacks. Browser hijacker malware can be removed by using antimalware software like Malwarebytes or AdwCleaner.
Harden your browser!
In order to protect our data and systems we must use proper browser/system security. Here are some very important steps you can take to harden your browser!
- Remove suspicious looking browser extensions
- Uninstall suspicious extensions and software
- Install NoScript, pop up blocker, and adware blocker browser extensions
- Keep system’s security updates current
- Update all browsers as soon as you get notified that they are out of date
- Disable pop-ups
- Disable camera/mic access to websites
Locking down your browser is a huge way to protect yourself online. While it may not prevent all attacks, it certainly does lower your chances of some of the sneaky ones. While there is no one measure that protects you from all threats, a combination of several will significantly reduce the chance of attacks.
Keep in mind that if you use several different browsers (like I do), you will need to find extensions for each one. If you install an extension on Firefox it doesn’t magically install on Chrome as well. Keeping all of your browsers up to date is one of the most important of the hardening methods by far.
Think of a browser update like a Windows system update. It is the bare minimum you should be doing to protect yourself. Of course you must still be cautious on what you are clicking on or sites you are visiting. With these hardening techniques you can expect to have a safer browsing experience.
To conclude, before accessing a website that you may have doubts about, be sure to conduct some research on it. This includes copy/paste the URL of the site you are curious about into a safe website checker tool online. It is best to run that URL against several website checkers just to be thorough. There are many browser attacks to be wary of; educating yourself on the different types can help you decide on how to better defend yourself.
