What happens if you accidentally visit a malicious website?

Defensive Computing is for people who use computing devices for work, not play. Rather than focus on the latest news or devices, this blog aims to be educational. Heavy on facts, light on opinions.

Opinion

Don't click that link, but if you do...


Here, briefly, are two more issues that belong in the non-existent User Guide to the Internet.

Issue one: You can't trust Google search results.

Any time an event or story becomes brutally popular, bad guys make customized malicious web pages and trick Google into displaying these bad web pages near the top of search results for the popular event or story.

This just happened with the Tiger Woods commercial where we hear the voice of his dead father talking to him.

Haven't seen the commercial? Be very careful doing a Google search for "tiger woods commercial".

The danger in this particular search was just documented by Lee Gaves of eSoft. According to his research, six of the top seven search results "lead to Fake Anti-Virus pages begging the user to install malicious software. The video results have also been poisoned to do the same." Six of the top seven*. Yikes.

What to do?

One way to protect yourself from malicious web sites/pages is the free Web Of Trust add-on for Firefox, Internet Explorer and Chrome. Web of Trust lets users rate the safety of websites and displays the ratings in a number of places. One place the ratings appear is the search results in Google.

A green circle means the website (sports.espn.go.com in this case) is considered safe and a yellow circle (sportzu.tv in the example) means proceed with caution. Sites with red circles should be avoided. The gray circle with a question mark means there are not enough ratings to form an opinion. One reason for this might be that the website is new.

Web of Trust can never be perfect, but it's a free service and you are safer with it than without it.  

But what if you click on a malicious link in the Google search results?

In the interest of research, I did just this.

No surprise, I was lied to immediately. A window popped up warning that my computer was vulnerable to malware attacks and offering to check my system.

Issue two: Now what?

Some recommendations are that you just X out of the window. While this is safer than clicking anywhere inside the window, it's far from safe. If the prompt is a web page (this one appears to be a JavaScript alert) then even closing it allows JavaScript inside the window to get control.

A safer approach is to forcibly terminate the web browser process. Windows users can use Task Manager to terminate a running process. Personally, I prefer Process Explorer (Task Manager "ends" a process, Process Explorer "kills" it). Safer yet is shutting down the entire system.

But, the safest thing to do in this case is to immediately disconnect the computer from the outside world, then re-boot the system.

As a test, I terminated Firefox using Process Explorer and then re-started the browser. This turned out to be inadequate.

When Firefox restarts, it realizes that it did not properly shut down and immediately tries to re-open all the tabs that were open at the time it was rudely interrupted. Thus, the scam offering to check the system for malware re-appeared.

The simple act of clicking on a Google search result has put three things on the Defensive Computing to-do list.

1. Sever connections with the malicious web page

2. Clear out the web browser cache

3. Make sure the browser does not try to re-visit the bad page

I've seen an AOL user get stuck on the last item.

After getting tricked into visiting a malicious page (also from Google search results) they were smart enough to shut down AOL immediately. However, every time they logged back into AOL they were immediately taken back to the same malicious web page.

Disconnecting from the Internet, either physically or logically, ensures that your web browser can't get to the malicious page, and that a locally cached copy of the page can't phone home. Thus, while off-line, you can safely start your web browser, clear out the cache and ensure it doesn't try to re-load the bad page.

In my case, I killed Firefox again and took the computer off-line by disabling the network connection. Running on a Windows XP machine, this meant using the Network Connections applet in the Control Panel to disable the Local Area Connection (it was an Ethernet based LAN connection).

Now, when Firefox started up, it apologized for problems re-opening all the tabs.

Clicking the "Start New Session" button will probably prevent Firefox from returning to the malicious web page. I say "probably" because in my tests this took me to the default home page. If the malicious page had modified the default home page, then you could still end up at a bad place. Plus, I had a lot of open tabs and wanted them all back, except, of course, for the malicious one.

Fortunately, Firefox lets you remove (un-check) one or more tabs and then have it re-open the rest. I removed the offending tab, let Firefox continue and, no surprise, every page failed to load with Server Not Found errors. This was a good thing, though, for two reasons.

For one, it let me clear out the browser cache to remove any remnants of the malicious page. It also let me verify the URL in each tab to ensure it was one I wanted, in case the offending page had spawned other malicious tabs.

Finally, with a clear cache and sure of my URLs, I reconnected the computer to the Internet and one by one, re-loaded each tab.

Whew.
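The three to-do items above (sever connections, clear the cache, stop the browser from re-visiting the page) were done by hand on Windows XP in the account above. As an added example that is not part of the original post, here is the same offline recovery procedure as a PowerShell script for a modern Windows host (Windows 8 or later, for the NetAdapter cmdlets) with Firefox as the browser, run from an elevated prompt. The Firefox profile paths (the cache2 folder under LOCALAPPDATA, the session-restore files under APPDATA) and the adapter names are assumptions about that environment; the script moves the session data aside rather than deleting it, so the tab list can still be inspected, and it deliberately leaves the network disabled until you have checked the home page and remaining tabs yourself.

```powershell
#Requires -RunAsAdministrator
# Added example, not code from the original post. Assumes Windows 8+ (NetAdapter
# module) and a current Firefox; profile paths below are assumptions for that setup.

# Step 1: sever connections. Disabling every adapter that is up covers both
# Ethernet and Wi-Fi, so neither the live page nor a cached copy can phone home.
$disabled = Get-NetAdapter | Where-Object { $_.Status -eq 'Up' }
$disabled | Disable-NetAdapter -Confirm:$false
$disabledList = Join-Path $env:TEMP 'disabled-adapters.txt'
$disabled.Name | Set-Content -Path $disabledList

# With the machine offline, kill (not merely "end") the browser process.
Stop-Process -Name firefox -Force -ErrorAction SilentlyContinue
Start-Sleep -Seconds 2

# Steps 2 and 3, for every Firefox profile on this account.
$profiles = Get-ChildItem "$env:APPDATA\Mozilla\Firefox\Profiles" -Directory -ErrorAction SilentlyContinue
foreach ($profile in $profiles) {
    # Step 3: move the session-restore data (the open-tab list Firefox reopens
    # after an unclean shutdown) out of the profile so the bad tab is not restored.
    $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
    $backup = Join-Path $env:TEMP "session-backup-$($profile.Name)-$stamp"
    New-Item -ItemType Directory -Path $backup -Force | Out-Null
    foreach ($item in @('sessionstore.jsonlz4', 'sessionstore-backups')) {
        $path = Join-Path $profile.FullName $item
        if (Test-Path $path) { Move-Item -Path $path -Destination $backup -Force }
    }

    # Step 2: clear the disk cache for the same profile.
    $cache = Join-Path "$env:LOCALAPPDATA\Mozilla\Firefox\Profiles\$($profile.Name)" 'cache2'
    if (Test-Path $cache) { Remove-Item -Path $cache -Recurse -Force }

    # The post notes that a "Start New Session" click lands on the home page, which a
    # malicious page could have changed: show the configured home page for a manual check.
    $prefs = Join-Path $profile.FullName 'prefs.js'
    if (Test-Path $prefs) {
        Select-String -Path $prefs -Pattern 'browser\.startup\.homepage' |
            ForEach-Object { Write-Host "Profile $($profile.Name) home page setting: $($_.Line)" }
    }
    Write-Host "Profile $($profile.Name): session data moved to $backup, cache cleared."
}

# Re-enable only the adapters this script disabled, and only after the browser
# has been started offline and its tabs and home page have been verified.
Write-Host "Network left disabled. When ready: Get-Content '$disabledList' | Enable-NetAdapter"
```

Start Firefox once while still offline; it will open with no session to restore and every remaining page fails to load, which is the same "Server Not Found" state described above. Only after the home page and tab URLs look right should the saved adapter list be fed to Enable-NetAdapter.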

For non-techie users, it is probably asking too much to disable network connections and deal with server not found errors and Firefox startup problems.

Sandboxie offers Windows users a better way. I've written about Sandboxie before, so here I'll be brief. 

Sandboxie can put a wrapper around your web browser (or any Windows program) that prevents it from making any changes to the rest of the system.

Of course, you want to be able to create new bookmarks/favorites and Sandboxie provides an optional hole in the wrapper for this. You also want to download files from the Internet and Sandboxie lets you designate a folder for saving files.

And that can be it.

In other words, other than these two optional exceptions, the web browser can be prevented from making any permanent changes.

For maximum safety, Sandboxie can be configured to back out all changes made by your web browser every time it is shut down. Think Ground Hog Day (the movie).

Sandboxie comes in free and paid versions; the free version offers the vast majority of features. Sandboxie runs on all versions of Windows from 2000 through 7, both 32- and 64-bit.

Can you get infected by just visiting a website?

Yes, you can get a virus just from visiting a website. These days, it's very easy to be overconfident in our abilities to avoid computer viruses. After all, many of us were told that we simply had to avoid files and programs we didn't recognize. If an email came through that looked fishy, we didn't open it.

What happens if I visit a hacked website?

If you visit the site, you could be redirected to spam or malware. We recommend that you don't visit the website until this message disappears from the search result. The "This site may be hacked" notification won't be removed until the site's owner takes action.