An example of a malicious site

Discover examples of the most common harmful sites in order to recognize and avoid them

Looking at an example of a malicious site is always useful.  Having several examples and attempting a classification of dangerous or harmful sites helps us recognize and avoid them, even if, once we land on them, it may be too late.  Malicious sites often appear to be totally harmless, or clones of well-known sites, and only careful analysis can make us realize that we should immediately close the browser tab.  In this article, we will explain the various types of malicious sites and point out the best way to protect oneself.

1. What is meant by malicious site

Before illustrating the various examples of malicious sites, we will try to formally define them.  A malicious, dangerous, or potentially harmful site is a site where an attack is hidden under some guise.  Dangerous sites could number in the millions. According to its Center for Transparency, Google records about five million alerts for malicious sites per day, of which about two million involve phishing sites alone.

The numbers should not frighten us; according to data from Internet Live Stats, there are about 1.5 billion sites in the world, 200 million of which are active.  According to SiteLock, malicious sites on the internet are in the millions (about four contain malware).  However, we should not be alarmed, because most of the sites which an average user visits are safe.  After all, how many sites a day do we visit on average?  How many web services do we use?  We are in the range of a few dozen, very rarely reaching hundreds.

E-commerce sites, official bank sites, and web services, such as social networks and streaming platforms, are generally safe, unless it happens that a cybercriminal group takes over a known domain and modifies the site to make it dangerous.  It has happened, of course, but it is not a common practice because the providers of these web services are increasingly careful to protect them, and also because cyber criminals always have the cost-benefit ratio in mind.  In other words, they always ask themselves:  is the gamble worth the risk?  How much can I gain from this activity?


2. The risks of stumbling upon malicious sites

The risks one can encounter by running into a malicious site are there for all to see.

» Phishing. The technique involves acquiring personal login data – username and password for the bank’s site, credit card number – after the victim accesses a web page that the attacker has set up to store the data once it is entered.
» Malware. An inviting page says “Click here!”, and then disaster happens.  A small piece of software is downloaded from the page and installs itself on the computer or smartphone.  From there, the computer, along with its data, can be taken hostage.
» Trojans.  It may happen that, after having visited a suspicious site, apparently nothing happens.  Instead, a Trojan, or spyware, is installed on the computer and stays, “listening,” and intercepts potentially interesting data.  For example, keyloggers can store everything that is typed on the keyboard.

We have listed the most common risks that one may run into by visiting a malicious site.  In general, one will risk sharing confidential personal information or sensitive data, or even risk witnessing the locking of the computer and a subsequent ransom demand.  It is important to remember that if the same computer is used for work and one is connected to a corporate network, the damage is very likely to spread within the network itself.

Also, beware, the new laws also directly implicate the employee who has, voluntarily or involuntarily, caused harm to the company.  So, watch out because “navigating responsibly” today is an obligation.


3. Types of malicious sites

The most classic example of a malicious site is one built to enable a phishing attack or scam.  Generally, cyber criminals build a clone of a known site, for example, the site of the victim’s bank, or Amazon, or even a courier company’s site.  The idea is to lead the user who happens upon it to share sensitive data, such as the username and password for online banking or credit card information, or to provide personal information that will later be used in social engineering.  Generally, pages built for this type of attack contain forms to be filled in.

Another example of a malicious site is one that contains malware, generally a small piece of software that will install itself on the user’s computer or smartphone.  Note that the software can self-install without the user’s doing anything.  Pornographic sites are classic examples of sites that contain malicious code.

We can point to three main situations, in particular:

» Drive-by downloads.  Criminals can install malware on devices without the need to persuade people to provide information.  So-called “drive-by downloads” can spread malicious code without visitors’ knowledge.  There is no prompt to download software and no sign that the target device is now infected with malware.  JavaScript and plugins are the technical tools criminals use for this.

» Malicious files.  Many phishing attacks continue to rely on .exe files sent as e-mail attachments or downloaded from pop-ups on fake websites.  These files usually pose as antivirus or media players. Video codec downloads are another common vector.  When links are clicked, malware is automatically installed.

» Malvertising.  Malvertising uses modified pop-ups to send malware to unsuspecting targets.  These ads may appear normal, but, when clicked, they trigger malware downloads, or they direct users to other malicious websites.

Finally, other types of attacks, as mentioned, involve modifying legitimate sites for hacking purposes.  For example, attackers might set harmful redirects from a web page, sending visitors to harmful contents.


4. Examples of malicious sites

What does a malicious website look like?  Unfortunately, the answer is often:  almost the same as the non-malicious original.  Cybercriminals can easily recreate the appearance and layout of payment portals or news sites, and it is often tricky to detect the fraud at a rough glance. 

For example, the Bahamut criminal group operates a highly sophisticated network of fake news websites.  Taking control of long-used news sites, such as Techsprouts, Bahamut created a complex network of contributors, social media accounts, and contents.  It has used numerous zero-day exploits to distribute malware.  Without suspecting anything, users often followed links to articles or even interacted with fake experts.

Other cybercriminals target those who shop on well-known e-commerce sites.  Recent examples include:

» Fake PayPal sites inform users that their accounts have been restricted and ask them for personal information.
» Thousands of fake Amazon sites appear every Prime Day. Some are about consumer goods, while others provide “solutions” to Prime Video streaming problems which require extensive personal information.
» Fake eBay websites requesting “credit card upgrades” or messages from imaginary members.

However, we also have other examples.  In the United Kingdom, tax authorities warn of misleading websites that offer fake Covid-19 tax refunds but are actually infected with malware.  Wells Fargo warned users by stating that the problem is common in the United States, especially during tax return periods.

In any case, attackers create websites that look very similar to the real thing, very similar, but not exactly the same.  As we shall see, there are some warning signs to look for that betray fake websites.

5. How to recognize malicious sites

Harmful websites have some characteristics in common that allow us to detect them.  For example, they might include:

» Numerous spelling or other textual errors that you would not find on real brand websites.
» URLs with HTTP instead of HTTPS.  The “S” indicates that the site has an SSL certificate and uses TLS encryption to increase data security.  SSL certification radically reduces the risk posed by data theft attacks.
» Unusual requests for downloading apps are a big red flag.  Many harmful websites target users who click on downloads.
» Fake prizes.  Any site that promises a prize is probably fake.
» Promising security.  Many sites promise protection from viruses and malware via one-click downloads.  Some even inform you that your system is not up-to-date.
» Overly generous offers (scams, discounts) which are not advertised on the main site or are too good to be true.
» Slightly incorrect domain names.  For example, Amazon might become Amazon1 in the domain name, so it is always better to check the whole URL string.
» Non-existent contacts and absent background information.  Imposter sites generally offer very little information about the company involved.  Contact details, if they exist, are likely to be false.
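
Two of the signs above (HTTP instead of HTTPS, and slightly incorrect domain names such as Amazon1) can be checked from the URL string alone. The following is an added example, not part of the original article or of any FlashStart product; the brand list, the warning labels and the sample URLs are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample data (assumption): brand name -> its genuine registered domain.
KNOWN_BRANDS = {"amazon": "amazon.com", "paypal": "paypal.com", "ebay": "ebay.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch single-character domain tweaks."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registered_domain(host: str) -> str:
    """Naive 'last two labels' split; production code should use the Public Suffix List."""
    return ".".join(host.rstrip(".").split(".")[-2:])


def url_warnings(url: str) -> list[str]:
    """Return the warning signs that can be read from the URL string alone."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    warnings = []
    # Only the absence of HTTPS counts as a sign; its presence does not clear a URL.
    if parts.scheme != "https":
        warnings.append("no-https")
    reg = registered_domain(host)
    label = reg.split(".")[0]
    for brand, genuine in KNOWN_BRANDS.items():
        if reg == genuine:
            continue  # the brand's own domain, including its subdomains
        if brand in host:
            # e.g. amazon1.com, or amazon.com.<other-domain>
            warnings.append(f"brand-in-foreign-domain:{brand}")
        elif edit_distance(label, brand) <= 1:
            # e.g. a digit swapped in for a letter
            warnings.append(f"lookalike-domain:{brand}")
    return warnings


if __name__ == "__main__":
    # Constructed URLs, for illustration only.
    for u in ("https://www.amazon.com/gp/cart", "http://amazon1.com/signin", "https://paypa1.com/"):
        print(u, "->", url_warnings(u) or "no URL-level warning")
```

An empty result only means that nothing in the URL itself looks wrong; the content-based signs in the list still have to be checked on the page.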

6. How to avoid malicious sites

A malicious site is always accessed by clicking a link in a message: a text message, an email, a chat message.  So, the first thing to do is to be wary of these messages and avoid clicking on the link.  Your bank, for example, will never contact you by text message to tell you to change your password, nor will the courier company that has a shipment in your name.

Secondly, in order to avoid running into examples of malicious sites, you should have a filtering service for browsing, a DNS filter. 

Many DNS filters are too sophisticated, complex to install and manage, and expensive.  However, there are ones that are perfect for use in households, government, and educational institutions.  FlashStart’s DNS filter is the right choice for those who want a browsing monitoring service that is easy to configure, customize, and always up-to-date.

FlashStart’s DNS filter carefully analyzes all the stops on the path taken by a request to access a site.  The filter also uses machine learning algorithms in order to exclude dangerous paths a priori, thus speeding up the check.  Additionally, FlashStart uses up-to-date and reliable DNS registers in analyzing the paths from the user to the requested site.

Capable of filtering about two billion website queries, FlashStart DNS protects the browsing of twenty-five million users every day, is present in more than 140 countries around the world and in about ten thousand businesses, schools, and public administrations, and is delivered, also in the form of a service, by 700 certified partners. 

Finally, why choose FlashStart’s DNS filter to control internet access?  Let’s summarize its seven distinctive points:

» Frequent updating of blacklists:  FlashStart checks 200 thousand new sites per day.

» Guaranteed low latency (that is, the time between request and access).

» Ninety categories of malicious sites and geoblocking to isolate dangerous countries.

» Use of artificial intelligence to improve the quality of blacklists and for latency.

» Ease of configuration and management.

» Native integration with Microsoft’s Active Directory to speed up the work of system administrators in schools, institutions, and SMBs.

» Worldwide LAN protection and roaming on end points via Anycast network.

You can activate the FlashStart® Cloud protection on any sort of Router and Firewall to secure desktop and mobile devices and IoT devices on local networks.
