NordLayer - Network Security

What are Malicious websites and how can you identify them?


By NordLayer
2 Aug 2022
15 min read
What are Malicious websites and how can you identify them?

The web is a dangerous place, where criminals constantly seek to deceive ordinary users. One of the most common cybercrime strategies is setting up malicious websites which fool visitors into providing information or making dangerous decisions.

As of July 2022, Google reported delivering 5 million malicious site warnings every day and recorded around 2 million phishing websites in early 2020. Both phishing and malware remain worldwide problems with huge potential security risks.

This blog will look at what makes malicious websites so dangerous and what you can do to protect yourself.

What is a malicious website?

As the name suggests, malicious sites intend to cause harm. They are not eCommerce stores, financial providers, or web applications that deliver essential services securely. Instead, they seek to steal valuable data or inject malicious software onto visitor devices.

The ability to copy familiar, reputable sites makes malicious websites so dangerous. For instance, Amazon replicas are common, and PayPal scams are increasingly popular amongst phishers.

Malicious sites are often incredibly similar to legitimate versions. However, they rarely appear in mainstream search results. Instead, victims encounter them via emails and pop-ups created purely to deceive.

How do malicious websites work?

While they always seek to deceive, malicious websites come in various forms. There are two different types: phishing sites and malware sites.

Cybercriminals engineer phishing sites to entice visitors to enter sensitive information. Victims could enter information via standard online forms, requesting documents, or signing up for mailing lists.

Phishing sites generally seek high-value data like credit card numbers, login credentials, and home addresses. That explains why replica-popular payment portals like eBay are common imposters.

Malware-based malicious websites exist solely to implant harmful software on target devices. This malware can gather data and send it to hackers, interfere with the operation of systems, or carry out unwanted tasks like crypto-mining. These sites have a range of approaches, including:

  • Drive-by downloads - Criminals can implant malware onto devices without needing to fool people into providing information. So-called 'drive-by downloads' can deliver malicious code without visitors being aware. There is no prompt to download software and no sign that the target device is now infected with malware. Corrupted javascript or plugins are all that criminals require.

  • Malicious files - Many phishers continue to rely on .exe files sent via email attachments or as pop-up downloads on fake websites. These files usually refer to apps like antivirus checkers or media players. So targets generally have a reason to download them. Video codec downloads are another common vector. When video fans click the links, they automatically install malware that unpacks and starts to run.

  • Malvertising – Malvertising uses corrupted pop-up ads to send malware to unsuspecting targets. These ads could be part of legitimate networks and appear normal. But when clicked, they trigger malware downloads or send users to other malicious websites.

There are also hybrid attacks that hijack legitimate sites and make them work for hackers. For instance, attackers could implant malicious redirects on an otherwise normal web page that funnel visitors to malicious content.

Web applications are also vulnerable to cross-site scripting or SQL injection attacks. What seems to be a perfectly normal web portal can hide dangerous secrets.

Examples of malicious websites

What does a malicious website look like? Unfortunately, the answer is usually: almost the same as the non-malicious original. 

Cybercriminals can easily recreate the look and layout of payment portals or newspaper sites, with few clues about their illegitimate nature.

For example, the phishing network BAHAMUT runs a highly sophisticated network of fake news websites. Taking over defunct news sites like Techsprouts, BAHAMUT created a complex web of contributors, social media accounts, and content. It used numerous zero-day exploits to deliver malware and targeted high-value individuals across South Asia and the Middle East.

BAHAMUT's targets saw informative emails or social media posts tailored to their interests. Suspecting nothing, they often followed links to articles or even interacted with fake experts.

Other attackers are less subtle, targeting the mass of eCommerce users via well-known online brands. Recent examples include:

  • Fake PayPal sites inform users their accounts have been limited and ask them for personal information.

  • Every Prime Day, thousands of fake Amazons appear. Some cover consumer goods, while others provide “solutions” to Prime Video streaming problems that require extensive personal data.

  • Phishers have created fake eBay websites linked to emails requesting “credit card updates” or messages from imaginary members.

  • Government services can also fall victim. In the UK, the tax authorities warn about misleading websites offering fake Covid-19 tax refunds but are actually infected with malware. Wells Fargo points out that the problem is just as engrained in the USA, especially during tax filing periods.

In all cases, attackers create websites that look very similar to the real thing. Very similar, but not exactly the same. As we’ll see there are some warning signs to look for that betray fake websites. But at first glance, most of these sites look legitimate.

How to identify a malicious website

Malicious websites tend to have certain features in common. For instance, they might include:

  • Multiple misspellings or other textual errors that would not be common in branded or official content.

  • URLs featuring HTTP instead of HTTPS. The “S” tells you that the site has an SSL certificate and uses TLS encryption to boost data security. SSL certification radically reduces the risk posed by man-in-the-middle data theft attacks.

  • Unusual requests to download apps are a big red flag. Many malicious websites rely on a small number of users clicking on malware downloads, which pop up automatically.

  • Fake prizes. You’ve probably seen these sites around the web. Any site promising a prize to the five millionth visitor is probably fake.

  • Suspicious security alerts. What better way to reach wary visitors than offering a security solution? Many sites promise virus and malware protection via one-click downloads. Some also inform you that your system is out of date. In all cases, if you haven’t requested assistance, it’s probably not intended to help you.

  • Overly generous deals that have not been advertised on the parent site or feel out of step with the brand’s standard offerings.

  • Slightly incorrect domain names. Scam websites tend to mimic parent sites but usually with minor differences. For instance, Amazon could become Amazon1 in the domain name.

  • Thin contact and background information. Imposter sites will generally offer very little information about the company involved. Contact details will probably be false if they exist.

What happens if I visit a Malicious Website?

There will usually be few consequences when visiting a malicious site. Security teams can neutralize many malware infections via antivirus software. And your data should remain safe if you remember to take care when entering personal information.

However, this isn’t always the case, and visiting these sites can have very damaging results:

  • Security weaknesses – If the site implants a drive-by download, it could immediately install malware and start gathering and relaying sensitive data about your activity and security vulnerabilities, potentially leading to corporate data breaches.

  • Damage from malicious code – Javascript infections can install automatically as soon as you use contaminated sites, leading to cascading redirects, damage to your files, and potentially catastrophic collapse.

  • Spreading malvertising – In other cases, clicking on malicious advertising causes problems for other web users. These ads propagate every time users click them. Copies spread across the web, reaching more and more targets.

  • Browser hijacking – URL injection attacks can implant malware that takes control of your browser, spreading malware across the web and monitoring your activity. Browser hijackers are usually intended to maximize the attacker’s ad revenues, but can also lead to spyware or costly ransomware attacks.

  • Data loss – This is the most common outcome of phishing websites. Many fraudulent websites seek to siphon confidential information via forms and sham payment systems. Successful phishing attacks cost companies an average of $14.8 million per year, making it a security and financial concern.

How to secure your employees from malicious websites

Fortunately, there are several things web users can do to limit the risks posed by malicious websites. For instance, these measures should serve as a baseline when managing risks:

  • Patch your operating system and apps regularly (including web browsers). Many attacks leverage zero-day exploits that updates will negate.

  • Employ reputable anti-virus software and filtering tools. Every device on a network should have fully-updated antivirus and specialist anti-malware tools that can detect drive-by infections as soon as they appear.

  • Avoid opening unsolicited attachments in phishing emails and take care when following links in the email text.  Verizon’s 2020 Data Breach Investigations Report found that 96% of phishing attacks occur via email. Because of this, email security is a crucial training area for corporate security teams.

  • If you land on dangerous sites, use the detection measures listed above to assess whether it is legitimate. Do not open any unwanted downloads or accept notifications unless you are sure the site is safe.

  • You can generally check web URLs to ensure they are what they claim to be. And if you have any concerns about site security, ask the website owner about their identity and security practices.

  • Segmenting networks can also be a wise move. Ensure employees can access core work resources while separating those resources from the wider web.

  • Train staff in device security, credentials management, identifying phishing emails, and general web safety. Create clear protocols regarding acceptable behavior, and employ user activity monitoring systems to ensure staff avoids risky websites.

Protect yourself against malicious websites with NordLayer’s help

NordLayer’s Secure Access Service Edge technology helps to lock down business networks, including Cloud resources, on-premises networks, and remote working systems from outside persons.

Our Secure Web Gateway solutions limit access to malicious websites, minimizing the risk of drive-by infections, Javascript injection, and email phishing.

Network segmentation contains threats when they appear, while encryption secures all network traffic and web interactions. 

Countering malicious websites involves a mixture of basic common sense and effective security technology. If you take care of staff training, NordLayer will handle everything else. Get in touch to find out more, and eliminate the risk posed by fake sites.

Share article

Related Articles

Protect your business with cybersecurity news that matters

Join our expert community and get tips, news, and special offers delivered to you monthly.

Free advice. No spam. No commitment.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.