We do it every day. In fact, you are doing it right now. Visiting a website. Although you might think that merely browsing to a web page can't introduce malware to your computer or mobile device, you could be wrong. In fact, malware that infiltrates a user's device from a website is a common method for cybercriminals to spread further havoc.
Here are some ways that malicious code can be spread from a website:
- Malicious redirects. An attacker can "spoof" a web page and in fact send you not to the original, valid website but to a fraudulent web page under the hacker's control, which can then proceed to load malware into your device.
- Pop-up ads. Although the base web page might be legitimate, hackers can insert pop-up ads that when clicked infect your device with malware.
- Drive-by downloads. With a drive-by download, you don't even need to actively open a link or click on anything. Malicious software is embedded into a legitimate website without the owner's knowledge, and when you visit the site, it triggers a download of additional malicious code to your device.
Make no mistake: these types of cyberattacks have become a huge underworld industry, with "exploit kits" being sold as subscription services by the hundreds of thousands. Such a kit, just like above-board software, come with sophisticated features and user-friendly interfaces. A kit will include software that scans a victim's computer for vulnerabilities. Then, when one is detected, the "correct" code, designed to take advantage of a particular vulnerability, is injected into the compromised device.
Once the malicious code has been transferred from a hacked website to your own computer or device, your computer or device has now been hacked in turn.
How do I know if my computer's been hacked?
You might not realize right away that your computer's been compromised. But here are some symptoms to look for:
- You start receiving annoying pop-ups
- Your computer starts frequently crashing or shows slow performance
- You find unknown programs or files
- Your security software is disabled unexpectedly
- Your web browser behavior changes: Shows extra toolbars or add-ons that you did not add, searches or addresses you enter are redirected to unexpected websites
- You're denied access to system areas that you should have privileges to, or your computer locks up altogether
- Messages from your antivirus software
And, other signs might not be associated with directly using your computer, but could also indicate compromise. For instance, telltales might be unexpected bills from stores you never visited, anomalies (especially missing money) from your bank or cryptocurrency account, or receiving ransomware messages (messages that promise to return full functionality to your device if you send money somewhere).
How can I avoid a website-induced hack?
With the increasing prevalence of cyberattacks, there's no guarantee that you won't fall victim at some point. But to keep hackers at bay, engage in good safety practices whenever you are browsing the web. For example:
- Use reputable antivirus software and keep it up-to-date.
- Don't proceed to a web site if your web browser displays a message notifying you that the site might not be secure.
- Don't click on pop-up advertisements.
- Scan downloaded files attachments before opening them.
- Never use the same password for multiple accounts.
- Check that a website has "https" in the address, meaning it uses a more secure protocol, and that the web address is preceded by a little "lock" icon in the address bar. This is an industry standard for indicating that the website is using a trusted security certificate.
- Use a website scanning tool before you actually go to the website.
It's a little easier said than done, but avoid questionable websites. Be especially vigilant for spoofed sites. Sometimes close-but-not-quite names are a giveaway. For instance, you'll want to go to "visa.com" but not "myvisacard.com" to get to the official Visa web site. Look for other signs, such as an unprofessional-looking web site, although this won't always mean that the website is a fake.
Check websites before you visit with Comodo cWatch Site Score Scanner
One simple way to check for malware before you connect to a website is by scanning it first with the Comodo cWatch Site Score Scanner. This free-of-charge tool, while intended for use by website owners to check for malicious intrusions, can remotely scan any website, including those you want to check before visiting. Just enter the web site address into the "domain" field. Among other attributes, Comodo cWatch Site Score Scanner checks for the validity of security certificates, malicious or suspicious code, content management system risks and provides an assessment of website reputation.
Protect your own websites with Comodo cWatch Web
If you manage your own website, you can protect it from attackers that could otherwise make your website a "no-go zone" for other internet users by using Comodo cWatch Web.
Comodo cWatch Web is a fully-featured, managed, cloud-based security solution that can protect your website from hacker. It's available with a robust web application firewall (WAF) that can block advanced threats such as Denial-of-Service (DDoS), Cross-Site Scripting and SQL Injection attacks.
The WAF is provisioned over a secure content delivery network (CDN) and monitored through the Comodo security information and event management (SIEM) system. Web traffic is continuously monitored and alerts are immediately received by security experts at the always-on (24/7/365) Comodo Cyber Security Operations Center (CSOC). Once an alert is received, certified analysts deploy countermeasures to the web application firewall and address security events before they escalate to security incidents, all in real-time.
Comodo cWatch Web can also enhance your website in other ways. Besides built-in security, the Comodo CDN delivers web content at a faster rate by caching at many global data center servers in order to meet traffic spikes and shorten the distance to local servers. This can improve your website's search engine visibility (SEO) and ranking.
And, if your website is also a payment portal, PCI scanning ensures that it complies with the PCI DSS (Payment Card Industry Data Security Standard).
Comodo cWatch Web is available as a subscription service, with three service levels. Find out more about Comodo cWatch Web subscriptions today!