Can you get a virus from visiting a website?

Last Updated on February 4, 2021 by Vinay Kharayat

You must be wondering, “Can I get infected by a virus, malware, or worm just by visiting a website, without downloading any file?” or “If I don’t download anything, can my computer still get infected by a virus?”

So, the answer is, “Yes, you can still get infected!”. But don’t worry, an individual who only surfs social media, or uses Google to research or download something doesn’t interest hackers. So, then who should worry?

Who should be worrying about getting infected by just visiting a website or clicking a link?

You should worry if you work for a company and use your office computer for personal reasons like surfing the internet, or if you are a government official. Anyone who works for an organization, big or small, should take extra precautions, especially when using official devices to visit a website.

I have been using the internet for over a decade but never got a virus from visiting websites!

Yeah, this can be true. I believe you. You never experienced a hack because your hack value is zero. Hack value is the notion among hackers that something is worth doing or is interesting.

Just imagine you’re the world’s best hacker and can literally hack anything with a snap of your fingers. Would you be interested in hacking someone random, just some dumb guy from another city (excluding the case where you are bored and have nothing fun to do), or would you hack a bank, or your college website, or maybe your crush’s Facebook account? Obviously, you will hack a bank to get unlimited money, right? Here the hack value of “some random guy” is zero for you, but the hack value of a bank, college website, or your crush’s Facebook account is much higher.

The same goes for hackers: they don’t care about an individual’s personal life unless that individual is the CEO of some big company.

What happens if you visit an unsecured website?

What does a “Not secure” website mean?

There are two types of protocols, HTTP and HTTPS. HTTPS means your data is encrypted on its way to the website, so it will not be in human-readable form. Only the server can read the data. So if you are accessing a website over HTTP, do not submit any bank details or other information. But it is mostly safe to “visit” these websites.

I did not install anything, so how can someone hack me?

The culprit here is your web browser. Hackers can use an undetected bug in your browser to hack your computer. Around a year ago, I wrote an article about an Android Firefox vulnerability that allowed hackers to steal your WhatsApp documents.

The Android Firefox browser is the most vulnerable web browser. Recently, many zero-day vulnerabilities have been detected in it. Developers work hard and fix them as soon as possible, but still, if some black hat hacker is stalking you, a zero-day is all he needs.

Let’s take an example of a commonly discussed kind of software flaw: a buffer overflow.

Imagine a GIF (no J sound, you heathens) file carefully crafted by an attacker who found a hypothetical bug in the GIF parser of a browser. This GIF might lie about its size, telling the parser it is 10 bytes in size. When it is viewed on a page, the browser would download it and pass it to the parser to get something to display. When the buggy parser reads the GIF metadata, it would (erroneously) trust the GIF and only allocate 10 bytes of space. When the parser then copies the file’s actual, larger contents into that space, the overflow will write to whatever was in memory after that 10-byte buffer.

If the attacker crafted it well, he can overwrite some executable instructions, perhaps something the software would execute automatically. When the attacked system tries to execute these overwritten bytes, it executes the attacker’s code. There are many mitigations for this specific attack; for more reading, search for “NX bit”, “Address Space Randomization”, and “Heap vs stack-based buffer overflows”.
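The size-trusting bug described above, next to a parser that checks the claim first. This is an added example, not code from any real browser: the two-byte header layout and the function names parse_trusting and parse_checked are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy image layout, constructed for this example (not the real GIF format):
 *   bytes 0-1: declared pixel-data size, little-endian
 *   bytes 2- : the pixel data actually present in the file */
#define HDR_LEN 2

/* Buggy pattern from the text: allocate what the header claims, then copy
 * what the file really holds. Shown for comparison only; never called here. */
uint8_t *parse_trusting(const uint8_t *file, size_t file_len) {
    size_t declared = file[0] | ((size_t)file[1] << 8);
    uint8_t *buf = malloc(declared);
    if (!buf) return NULL;
    memcpy(buf, file + HDR_LEN, file_len - HDR_LEN); /* writes past buf if the header lied */
    return buf;
}

/* Hardened form: compare the claim with the bytes actually present and
 * reject any mismatch before allocating or copying anything. */
uint8_t *parse_checked(const uint8_t *file, size_t file_len, size_t *out_len) {
    if (!file || !out_len || file_len < HDR_LEN) return NULL; /* truncated header */
    size_t declared = file[0] | ((size_t)file[1] << 8);
    size_t actual = file_len - HDR_LEN;
    if (declared == 0 || declared != actual) return NULL;     /* header lies: reject */
    uint8_t *buf = malloc(declared);
    if (!buf) return NULL;
    memcpy(buf, file + HDR_LEN, declared);                    /* never more than allocated */
    *out_len = declared;
    return buf;
}

int main(void) {
    uint8_t honest[] = {3, 0, 'a', 'b', 'c'};   /* constructed: declares 3, carries 3 */
    uint8_t lying[42];                           /* constructed: declares 10, carries 40 */
    size_t n = 0;
    memset(lying, 'A', sizeof lying);
    lying[0] = 10; lying[1] = 0;
    uint8_t *ok = parse_checked(honest, sizeof honest, &n);
    printf("honest file: %s\n", ok ? "accepted" : "rejected");
    printf("lying file:  %s\n", parse_checked(lying, sizeof lying, &n) ? "accepted" : "rejected");
    free(ok);
    return 0;
}
```

Building with a memory checker such as AddressSanitizer (-fsanitize=address in GCC and Clang) is a common way to catch the first pattern during testing.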

Only one type of device is not vulnerable to these attacks. Any electronic device with a web browser is vulnerable to these hacks.

What can I do to prevent myself from these vulnerabilities?

First, you should stop visiting pirating sites, especially on your official computer. Those are the most dangerous areas of the legal internet.

Still, you can’t just stop surfing the internet, right? So just follow the instructions below to protect yourself from such attacks.

  • Install updates, automatically if possible.
  • Use ad blockers.
  • Try not to visit random links; use Google or Bing to find something.
  • Always keep a backup on a separate hard disk.

Many white hat hackers detect zero-days and report them to developers. Software developers work hard to protect you against these types of vulnerabilities. So always keep your web browsers up to date and keep visiting for more information.
