Can you get a virus from visiting a website?

You must be wondering, “Can I get infected by a virus/malware/worm just by visiting a website, without downloading any file?”, or “If I don’t download anything, can my computer still get infected by a virus?”

So, the answer is, “Yes, you can still get infected!”. But don’t worry: an individual who only surfs social media or uses Google to research or download something doesn’t interest hackers. So, who should worry?

Who should be worrying about getting infected by just visiting a website or clicking a link?

You should worry if you work for a company and use your official computer for personal reasons such as surfing the internet, or if you are a government official. Anyone who works for an organization, big or small, should take extra precautions, especially when using official devices to visit websites.

I have been using the internet for over a decade but never got a virus from visiting websites!

Yeah, this can be true. I believe you. You never experienced a hack because your hack value is zero. Hack value is the notion among hackers that something is worth doing or is interesting.

Just imagine you’re the world’s best hacker and can literally hack anything with a snap of your fingers. Would you be interested in hacking someone random, just some dumb guy from another city (excluding the case where you are bored and have nothing fun to do), or would you hack a bank, your college website, or maybe your crush’s Facebook account? Obviously you would hack a bank to get unlimited money, right? Here the hack value of “some random guy” is zero for you, but the hack value of the bank, the college website or your crush’s Facebook account is much higher.

The same goes for real hackers: they don’t care about an individual’s personal life, unless you are the CEO of some big company.

I did not install anything, so how can someone hack me?

The culprit here is your web browser. Hackers can use an undetected bug in your browser to hack your computer. Around a year ago, I wrote an article about an Android Firefox vulnerability that allowed a hacker to steal your WhatsApp documents.

The Android Firefox browser is the most vulnerable web browser. Recently, many zero-day vulnerabilities have been detected in it. Developers work hard and fix them as soon as possible, but if some black hat hacker is stalking you, a zero-day is all he needs.

Let’s take an example of a commonly discussed kind of software flaw: a buffer overflow.

Imagine a carefully crafted GIF (no J sound, you heathens) file made by an attacker who found a hypothetical bug in the GIF parser of a browser. This GIF might lie about its size, telling the parser it is 10 bytes in size. When the page is viewed, the browser would download the file and pass it to the parser to get something to display. When the buggy parser reads the GIF metadata, it would (erroneously) trust the GIF and allocate only 10 bytes of space. The file’s actual data is larger than that, so copying it in overflows the buffer and overwrites whatever was in memory after those 10 bytes.

If the attacker crafted it well, he can overwrite some executable instructions, perhaps something the software would execute automatically. When the attacked system tries to execute these overwritten bytes, it executes the attacker’s code. There are many mitigations for this specific attack; for more reading, search for “NX bit”, “Address Space Randomization”, and “Heap vs stack based buffer overflows”.
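The mistake described above, next to the check that prevents it, as an added example that is not from the original article. It uses a made-up toy format (one size byte followed by the data) rather than real GIF, and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical toy format (not real GIF): byte 0 is the size the file
 * claims for its pixel data; every byte after it is the data itself. */

/* The bug described above: allocate what the file claims, copy what
 * actually arrived. Kept for contrast only; nothing here calls it. */
uint8_t *parse_trusting(const uint8_t *file, size_t file_len) {
    if (file_len < 1) return NULL;
    uint8_t *pixels = malloc(file[0] ? file[0] : 1); /* size chosen by the file */
    if (!pixels) return NULL;
    memcpy(pixels, file + 1, file_len - 1); /* overflows when file_len - 1 > file[0] */
    return pixels;
}

/* Hardened parser: the claimed size must equal the bytes really present.
 * Returns the pixel count, or -1 for a file that lies about its size. */
int parse_checked(const uint8_t *file, size_t file_len, uint8_t **out) {
    if (file_len < 1) return -1;
    size_t declared = file[0], actual = file_len - 1;
    if (declared != actual) return -1;
    uint8_t *pixels = malloc(declared ? declared : 1);
    if (!pixels) return -1;
    memcpy(pixels, file + 1, declared);
    *out = pixels;
    return (int)declared;
}

/* Build a constructed sample that claims `declared` bytes but carries
 * `actual`, and run it through the hardened parser. */
int check_sample(uint8_t declared, size_t actual) {
    uint8_t file[256] = { declared };
    uint8_t *pixels = NULL;
    if (actual > sizeof file - 1) return -1;
    memset(file + 1, 0x41, actual);
    int n = parse_checked(file, actual + 1, &pixels);
    free(pixels);
    return n;
}

int main(void) {
    printf("honest 10-byte file:   %d\n", check_sample(10, 10));
    printf("claims 10, carries 32: %d\n", check_sample(10, 32));
    return 0;
}
```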

These attacks are not limited to one type of device. Any electronic device with a web browser is vulnerable to these hacks.

What can I do to protect myself from these vulnerabilities?

First, you should stop visiting pirating sites, especially on your official computer. Those are the most dangerous areas of the legal internet.

Still, you can’t just stop surfing the internet, right? So follow the instructions below to save yourself from such attacks.

  • Install updates, automatically if possible.
  • Use Ad Blockers.
  • Try not to visit random links; use Google or Bing to find something.
  • Always keep a backup on a separate hard disk.

There are many white hat hackers who detect zero-days and report them to developers. Software developers work hard to protect you against these types of vulnerabilities. So always keep your web browsers up to date, and keep visiting for more information.
