Yes, you can get a virus just from visiting a website.
These days, it’s very easy to be overconfident in our abilities to avoid computer viruses. After all, many of us were told that we simply had to avoid files and programs we didn’t recognize. If an email came through that looked fishy, we didn’t open them.
So how are viruses still being spread throughout the internet? Are there that many careless people online?
Or are hackers finding another way into our machines?
First, there are definitely still careless surfers on the internet who think nothing of clicking on any link, advertisement, or program that looks interesting or appealing to them. They don’t understand the ramifications of what they are doing, and they leave themselves open to attacks on a regular basis.
But that’s not the entire picture of what’s going on here.
How You Get Viruses From Websites
There are plenty of ways that hackers can get around the efforts of the typical internet user. Often, they use what are called “Exploit Kits” to deliver their viruses or malware. Exploit kits will hide the malware in a program so that it won’t be automatically detected.
Exploit kits silently and automatically find and exploit vulnerabilities on your computer as you browse the web.
They are extremely popular among hackers because they are automatic. A hacker doesn’t need to do any of the searching and hacking himself. He can simply deploy an exploit kit and let it do all the heavy lifting.
First, a hacker installs an exploit kit on a compromised website. Then, that web page will discreetly reroute traffic to a different page. Within this page is where the hacking really occurs.
While a visitor is on that page – and it could appear to be an exact copy of the page they intended to visit – the exploit kit is scanning their device remotely for any vulnerabilities that it can take advantage of, often through applications that web browsers run, such as Flash, Java, Silverlight, and others.
If the software finds a vulnerability, it will send malicious code through that opening and install itself onto your computer. Once successful, they send the payload.
Other times, the exploit kit is found on a legitimate website; it is deployed via malicious pop-ups. Even just the action of clicking to close out the pop-up ads (also known as adware) or a pop-up phishing scam, can initiate the download of malware.
The payload could be anything: a ransomware application to lock down your machine until you pay them, botnet malware to take control of your machine for other hacking purposes, spyware that gathers information on your personal data or computer use, keyloggers that track your every move (including your passwords), and Trojans that can log your banking information and steal your money.
Another dangerous form of payload is the malicious file downloader, which then creates an open window for the hacker to deliver any number of malicious applications to your computer.
And remember: all of this is happening silently without your realization.
Now, in all of these cases, the malicious software programs will need to be downloaded and executed. However, many criminals are able to set this up to be done invisibly. No deliberate actions need to be taken. Instead, a vulnerable website plugin or app, or a browser or operating system that hasn’t been updated will have vulnerabilities that will leave the user open to these kinds of attacks. The hacker can set up the program to automatically load and execute on your machine in the background.
This has been very common for years with the Flash program. Flash runs in a web browser to display certain elements, especially animated ones. Many online games used to use Flash.
A hacker would simply load up a piece of code that a web browser would execute when it came across the code on a site. They could use that code to attack the Flash player in a web browser. If that player hadn’t been updated in a while, there might be an open vulnerability that gives the code access to sneak onto the user’s computer.
And just like that, there’s a virus on your machine.
This situation was very common several years ago, and it was how many viruses were spread. This is why most of the internet has moved away from Flash, so that the code could not be continually exploited for viruses.
How to Prevent Malware & Viruses
With all these threats out there, how can you ensure internet security? If you are a website owner, then the best thing you can do is keep your website updated and monitored with a good detection system like Sectigo’s SiteLock Website Security plan.
With this system in place, your site and its code is scanned daily to ensure that all the pieces are secure and in the right place. If any weaknesses are found, they are corrected. And if you opt for the SiteLock Business option, if any vulnerabilities are discovered, it will proactively patch them before cybercriminals can exploit them.
This includes not just your website — the solution also provides firewalls to protect any plugins or ecommerce software you are running on your site. It is a complete solution for every piece of your website.
Using SiteLock Website Security can ensure peace of mind as well, knowing that you and your customers are safer from cybercriminals attempting to hack their way into your personal data.