Page 1 of 1
Risks of visiting malicious sites
Posted: Sun Jan 23, 2011 2:38 am
by matthijs
Looking for a web font I googled a type foundry. The first result was the foundry's website. However, the site was hacked as instead of the foundry's website a very NSFW site was displayed. I immediately clicked the back link. However, I wonder, what risks do you run in general when visiting such a site?
(or any site which is hosting malicious code, since even a "trusted" site which looks fine could include some nasty javascript in the source)
Is cookie stealing a problem? Should I clear all my browsers' cookies (Firefox) and re-login everywhere just to be sure?
What else can happen? As far as I could see nothing happened in the half second I saw that website. No popups, no downloads or something. However, in computer time half a second is a long time ..
Re: Risks of visiting malicious sites
Posted: Sun Jan 23, 2011 10:29 pm
by Weirdan
Generally risks are following:
- You might get infected with a virus / trojan
- You might have allowed the site to scan you internal network for open ports (takes quite a long time, in order of minutes, though).
- You might have leaked you browsing history (selected sites) to the site.
- You might have poisoned you browser cache so the response to the next request would contain parts controlled by the malicious site owner (not every browser affected though).
- ...
Re: Risks of visiting malicious sites
Posted: Mon Jan 24, 2011 1:31 am
by matthijs
Thanks for the suggestions. It's incredible how much can go wrong. If you think about it, it's pretty scary.
I also don't know how I can further improve my browsing safety. Disabling javascript maybe, but that get's annoying pretty quickly, since 99% of the sites need javascript turned on
Re: Risks of visiting malicious sites
Posted: Mon Jan 24, 2011 1:37 am
by Peter Kelly
install WOT its a browser plugin that grades websites anyone can grade them on a variety of categories, and if you are visiting a site that a lot of people have rated badly it comes up with a warning kinda like how google does but better

.
Re: Risks of visiting malicious sites
Posted: Mon Jan 24, 2011 1:45 am
by matthijs
Interesting, had not seen that extension yet. In a certain way it can work, however, I wonder how effective it really is.
- a "trusted" website can one day be safe, the next it can be hacked and very unsafe
- a safe website which is unrated yet, might give an orange/unknown label (kind of false-positives). So each time you visit an "unknown" site, you wonder if it's safe
I'd rather have a better browser, but I guess it's very difficult to make a browser/surfing really bullet-proof
Re: Risks of visiting malicious sites
Posted: Mon Jan 24, 2011 1:49 am
by Peter Kelly
But if it suddenly turns untrusted people will post more bad comments and make it untrusted

Re: Risks of visiting malicious sites
Posted: Mon Jan 24, 2011 6:28 am
by josh
One that I've seen used malice wmv files embedded on the page, when windows media player tried to open the file it allowed some scripting to run, basically by visiting the page it would download an .exe in place of windows media player and then re-try to open the file (thus executing it's payload)
A good program you should run is lavasoft ad-aware, it is free and blocks some of these things.
Re: Risks of visiting malicious sites
Posted: Mon Jan 24, 2011 7:06 am
by matthijs
Well I'm running OS X so am safe for windows malware. There have been a few malware problems for OS X, but those where hidden in for example Adobe suites you could download somewhere, and had to install manually. And installing a program always requires typing my admin password.
So my ques is that the biggest vulnerabilities/issues are inside the browser itself. When a mail login or amazon account or something gets hijacked, enough damage can be done without any malware running on my computer itself.
Re: Risks of visiting malicious sites
Posted: Mon Jan 24, 2011 12:08 pm
by Jonah Bron
matthijs wrote:Well I'm running OS X so am safe for windows malware. There have been a few malware problems for OS X, but those where hidden in for example Adobe suites you could download somewhere, and had to install manually. And installing a program always requires typing my admin password.
*nix FTW!

Re: Risks of visiting malicious sites
Posted: Mon Jan 24, 2011 2:52 pm
by josh
There's vulnerabilities on software on both platforms, for example pdf. That affects any operating system sometimes.
Re: Risks of visiting malicious sites
Posted: Mon Jan 24, 2011 5:46 pm
by Jonah Bron
josh wrote:There's vulnerabilities on software on both platforms, for example pdf. That affects any operating system sometimes.
Do you really
mean PDF, or just Adobe Reader? Or both? Because Ubuntu comes preloaded with
Evince.
But I do get your point, they're not foolproof... it's just that GNU/Linux is obscenely more foolproof than Windows

Re: Risks of visiting malicious sites
Posted: Wed Jan 26, 2011 4:31 am
by josh
Both. PDF allows scripting, and adobe always authors formats that specify a very risky stuff in terms of security, for example to be a "flash player" a software must allow scripting to access local files on the machine...
Also yeah Adobe does make linux apps, its possible the vulnerabilities could correlate with the actual pdf format, and therefore exist in 3rd party readers.... I don't know though. Here's an example where Adobe compromised linux users in the past:
http://www.bgr.com/2010/06/05/adobe-det ... d-solaris/
A lot of linux users also may have wine running, and may have windows applications that are exploitable. Even when google chromium gains market share I bet you'll see javascript viruses, and new kinds of man in the middle attacks.