Risks of visiting malicious sites

Ye' old general discussion board. Basically, for everything that isn't covered elsewhere. Come here to shoot the breeze, shoot your mouth off, or whatever suits your fancy.
This forum is not for asking programming related questions.

Moderator: General Moderators

Post Reply
matthijs
DevNet Master
Posts: 3360
Joined: Thu Oct 06, 2005 3:57 pm

Risks of visiting malicious sites

Post by matthijs »

Looking for a web font I googled a type foundry. The first result was the foundry's website. However, the site was hacked as instead of the foundry's website a very NSFW site was displayed. I immediately clicked the back link. However, I wonder, what risks do you run in general when visiting such a site?
(or any site which is hosting malicious code, since even a "trusted" site which looks fine could include some nasty javascript in the source)

Is cookie stealing a problem? Should I clear all my browsers' cookies (Firefox) and re-login everywhere just to be sure?

What else can happen? As far as I could see nothing happened in the half second I saw that website. No popups, no downloads or something. However, in computer time half a second is a long time ..
User avatar
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Re: Risks of visiting malicious sites

Post by Weirdan »

Generally risks are following:
  • You might get infected with a virus / trojan
  • You might have allowed the site to scan you internal network for open ports (takes quite a long time, in order of minutes, though).
  • You might have leaked you browsing history (selected sites) to the site.
  • You might have poisoned you browser cache so the response to the next request would contain parts controlled by the malicious site owner (not every browser affected though).
  • ...
matthijs
DevNet Master
Posts: 3360
Joined: Thu Oct 06, 2005 3:57 pm

Re: Risks of visiting malicious sites

Post by matthijs »

Thanks for the suggestions. It's incredible how much can go wrong. If you think about it, it's pretty scary.

I also don't know how I can further improve my browsing safety. Disabling javascript maybe, but that get's annoying pretty quickly, since 99% of the sites need javascript turned on
Peter Kelly
Forum Contributor
Posts: 143
Joined: Fri Jan 14, 2011 5:33 pm
Location: England
Contact:

Re: Risks of visiting malicious sites

Post by Peter Kelly »

install WOT its a browser plugin that grades websites anyone can grade them on a variety of categories, and if you are visiting a site that a lot of people have rated badly it comes up with a warning kinda like how google does but better :P.
matthijs
DevNet Master
Posts: 3360
Joined: Thu Oct 06, 2005 3:57 pm

Re: Risks of visiting malicious sites

Post by matthijs »

Interesting, had not seen that extension yet. In a certain way it can work, however, I wonder how effective it really is.

- a "trusted" website can one day be safe, the next it can be hacked and very unsafe
- a safe website which is unrated yet, might give an orange/unknown label (kind of false-positives). So each time you visit an "unknown" site, you wonder if it's safe

I'd rather have a better browser, but I guess it's very difficult to make a browser/surfing really bullet-proof
Peter Kelly
Forum Contributor
Posts: 143
Joined: Fri Jan 14, 2011 5:33 pm
Location: England
Contact:

Re: Risks of visiting malicious sites

Post by Peter Kelly »

But if it suddenly turns untrusted people will post more bad comments and make it untrusted :)
josh
DevNet Master
Posts: 4872
Joined: Wed Feb 11, 2004 3:23 pm
Location: Palm beach, Florida

Re: Risks of visiting malicious sites

Post by josh »

One that I've seen used malice wmv files embedded on the page, when windows media player tried to open the file it allowed some scripting to run, basically by visiting the page it would download an .exe in place of windows media player and then re-try to open the file (thus executing it's payload)

A good program you should run is lavasoft ad-aware, it is free and blocks some of these things.
matthijs
DevNet Master
Posts: 3360
Joined: Thu Oct 06, 2005 3:57 pm

Re: Risks of visiting malicious sites

Post by matthijs »

Well I'm running OS X so am safe for windows malware. There have been a few malware problems for OS X, but those where hidden in for example Adobe suites you could download somewhere, and had to install manually. And installing a program always requires typing my admin password.

So my ques is that the biggest vulnerabilities/issues are inside the browser itself. When a mail login or amazon account or something gets hijacked, enough damage can be done without any malware running on my computer itself.
User avatar
Jonah Bron
DevNet Master
Posts: 2764
Joined: Thu Mar 15, 2007 6:28 pm
Location: Redding, California

Re: Risks of visiting malicious sites

Post by Jonah Bron »

matthijs wrote:Well I'm running OS X so am safe for windows malware. There have been a few malware problems for OS X, but those where hidden in for example Adobe suites you could download somewhere, and had to install manually. And installing a program always requires typing my admin password.
*nix FTW! :D
josh
DevNet Master
Posts: 4872
Joined: Wed Feb 11, 2004 3:23 pm
Location: Palm beach, Florida

Re: Risks of visiting malicious sites

Post by josh »

There's vulnerabilities on software on both platforms, for example pdf. That affects any operating system sometimes.
User avatar
Jonah Bron
DevNet Master
Posts: 2764
Joined: Thu Mar 15, 2007 6:28 pm
Location: Redding, California

Re: Risks of visiting malicious sites

Post by Jonah Bron »

josh wrote:There's vulnerabilities on software on both platforms, for example pdf. That affects any operating system sometimes.
Do you really mean PDF, or just Adobe Reader? Or both? Because Ubuntu comes preloaded with Evince.

But I do get your point, they're not foolproof... it's just that GNU/Linux is obscenely more foolproof than Windows :twisted:
josh
DevNet Master
Posts: 4872
Joined: Wed Feb 11, 2004 3:23 pm
Location: Palm beach, Florida

Re: Risks of visiting malicious sites

Post by josh »

Both. PDF allows scripting, and adobe always authors formats that specify a very risky stuff in terms of security, for example to be a "flash player" a software must allow scripting to access local files on the machine... 8O

Also yeah Adobe does make linux apps, its possible the vulnerabilities could correlate with the actual pdf format, and therefore exist in 3rd party readers.... I don't know though. Here's an example where Adobe compromised linux users in the past:
http://www.bgr.com/2010/06/05/adobe-det ... d-solaris/

A lot of linux users also may have wine running, and may have windows applications that are exploitable. Even when google chromium gains market share I bet you'll see javascript viruses, and new kinds of man in the middle attacks.
Post Reply