Happy Trails Computer Club

Risky Web Sites

Web pages (particularly popups) can be dangerous to your computer

It's easy to rig Web pages to attack computers. Web pages can do anything from vandalizing your computer to installing malware. Browsers have extended the original HTML concept and can now access several programming languages -- Java, JavaScript, ActiveX and Microsoft Word macros, for example.

This means that Web pages (and HTML email) can now include malicious code to be executed by these powerful languages. They can install spyware, adware, hijackers, dialers, Trojans or other kinds of malware. Often it all happens as the Web page opens; you don't need to click any links.

Browsers are designed to execute these languages unless you change the settings. Your best perimeter defense against the hazards of HTML is to stay away from the risky Web sites. Your best secondary defense is to use the right system and browser settings, and keep Windows and your browser patched and up to date.

A growing threat

More spyware gets into computers from popup windows and other Web page shenanigans these days than from email attachments. Those of us who frequently go online have gotten used to seeing popups or other notices from Web sites that advise us we need additional software to fix a problem, properly view a page, or some such malarkey. (Yeah, like I can really read Chinese characters if they were "displayed correctly".)

When asked if we want to download and install the software, clicking OK can be a reflex action. Spyware writers know this. They set their bait, and a lot of us go for it (picture a mouse with its neck in a trap at this point). Sometimes, there's a tempting offer we can't resist. It may be combined with familiar graphics or a look-alike Web address that makes it look like something we can trust. You just can't be too careful these days. There's no limit to the deviousness these parasites can come up with. Treat it like spam. If you didn't ask for it, just ignore it.

Popup windows

I'm sure you know what a popup window is. They're irritating in the extreme. Many of them are devious in the extreme as well. Some can trigger serious trouble for you or your computer.

Example: You see a popup. It has an "X" on it, so you click it to close the window. That triggers the download and install of malicious software. The software disconnects you from your ISP, dials a $4.99 per minute "premium service" and you end up with a huge phone bill.

What happened? The "X" was fake -- the whole window was just a graphic. Anywhere you clicked was a link to the "drive-by download".

How can you avoid drive-by downloads? A good way is to prevent popups in the first place. If you do get a popup though, close it using the "Ctrl-W" trick. (As soon as it pops up, hold down the Ctrl key and press the W key.) That way you won't trigger the download.

"Pop-up Downloads", AKA "drive-by downloads", often appear as a small system or security notice, and ask things like, "Do you accept this download?" or "Do you trust this software from..., and do you want to install it?" It often appears that if you don't, the content you wanted won't be available. They're designed to get a knee-jerk benefit of the doubt. When you click the "Yes" button the foistware is installed on your computer.

That dialog box that pops up and claims you need to install a plug-in to view special characters, or to open the page, or to get some great new whiz bang could also be a trap. Even those that carry a widely recognized name like Adobe Reader, Macromedia Flash, Shockwave, RealOne, etc., could be fake. The best policy is to stop what's going on, go to Adobe or whatever, download and install the software, and then go back and try the Web site again. Yeah, I know it's a bother, but that's the price of being safe instead of sorry.

Trick webpages

Counterfeit Web sites are used to extract personal information from people. Here, they are an enabling vector -- the actual attack vector is deception. Counterfeit websites look very much like the genuine websites they imitate. You think you're doing business with someone you trust. However, you're really giving your personal information, like your address, credit card number and expiration date, to a rip-off artist.

These counterfeit Web sites are often used in conjunction with spam. The spam message usually is an urgent notice that you need to straighten out some problem with your account. The link you click takes you to a Web site with an address that is very similar to the legitimate one. Several banks, mutual funds, PayPal, etc., have been used as templates for these frauds. Once you get there, the account number, password, expiration date or any other information you enter goes directly to the scammer.
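
One way to check a link against the look-alike addresses described above, as an added example that is not part of the original page: it classifies a link's host against a short list of trusted domains. The TRUSTED list, the character-folding table and the function names are assumptions made for illustration.

```javascript
// Added example: flag link hosts that imitate, but are not, a trusted domain.
// TRUSTED and every URL used with this code are constructed sample values.
const TRUSTED = ["paypal.com", "examplebank.com"];

// Fold characters commonly swapped in to imitate a letter (1 for l, rn for m).
const FOLD = { "0": "o", "1": "l", "3": "e", "5": "s", "-": "" };
const skeleton = (s) => s.toLowerCase().replace(/rn/g, "m").replace(/vv/g, "w")
  .replace(/[0135-]/g, (c) => FOLD[c]);

// Classic Levenshtein edit distance, single-row version.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let prev = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = row[j];
      row[j] = Math.min(row[j] + 1, row[j - 1] + 1,
                        prev + (a[i - 1] === b[j - 1] ? 0 : 1));
      prev = tmp;
    }
  }
  return row[b.length];
}

// Returns "trusted", "lookalike", "unknown" or "invalid" for a link target.
function classifyLink(link) {
  let host;
  try { host = new URL(link).hostname; } catch { return "invalid"; }
  if (!host) return "invalid";
  // Trusted only on an exact match or a true subdomain (note the leading dot).
  if (TRUSTED.some((t) => host === t || host.endsWith("." + t))) return "trusted";
  const labels = host.split(".");
  // Naive "registered domain": last two labels. Real code should consult
  // the Public Suffix List (co.uk and similar suffixes break this shortcut).
  const registered = skeleton(labels.slice(-2).join("."));
  for (const t of TRUSTED) {
    const brand = skeleton(t.split(".")[0]);
    const nearMiss = editDistance(registered, skeleton(t)) <= 1;
    const brandInLabel = labels.some((l) => skeleton(l).includes(brand));
    if (nearMiss || brandInLabel) return "lookalike";
  }
  return "unknown";
}
```

A "lookalike" result means the host borrows a trusted name without being that domain or one of its subdomains; "unknown" only means no imitation was detected, not that the site is safe.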

Web mail is really just Web pages that give you access to the contents of email messages. These messages can be sent by anybody, so if the message is in HTML format, it has the same potential for mischief as any other Web page. Of course you should follow the relevant precautions for email and email attachments as well when you're reading Web mail.

"Drive-By" websites surreptitiously install malware that takes control of your browser and steers you where they want you to go. Your best perimeter defense is to stay away from risky websites -- gothic, warez, crackz, gamer, cheat code, tres equis, and sites of that ilk. Your secondary defense is to use the right system and browser settings, and keep Windows and your browser patched and up to date. That may block installation of the foistware.


There are all sorts of dirty tricks you can do with Web pages. For example, there's a simple way to include malicious content in music or video files. All you need to do is link to such a file from a Web page; the link can even be hidden. Download and run example.mp3 -- you can trust me, I'm a grandfather -- to see a convincing but perfectly safe demonstration. (*.mp3 is a popular compressed file format used for music.)

You'll need to have Windows Media Player installed to play the sound and see the results. In addition to the music, three more browser windows will open -- unless you have your security settings set too high. These windows will just display some perfectly safe content. If this little file can do that, just imagine what a crook or malcontent could do with a file they concoct.

"No, I don't take offense at dumb blond jokes. I'm not dumb and I'm not blond." -- Dolly Parton