What are malicious websites?

A man with a puzzled look on his face wondering if he's entered a malicious website or fallen victim to identity theft.

Most people don't know that you don’t have to intentionally download a malicious attachment to compromise your computer’s security.

Most people are unaware of the fact that you don’t have to intentionally download a malicious attachment in order to compromise your computer’s security. Malicious websites and drive-by downloads are just two ways that your security can become compromised by doing nothing more than visiting a website. Both underpin the necessity of protecting your computer with a strong Internet Security Program. And despite what you might have heard, Macs need them just as much as Windows machines.

Help protect your digital life on your devices.

Are you afraid of losing your personal information or all the precious things on your computer? Get comprehensive protection with Norton Security Deluxe across all your devices – up to 5 PCs, Macs, smartphones or tablets.

Create an account today and try it free for 30 days on up to 5 of your devices.

What is a malicious website?

A malicious website is a site that attempts to install malware (a general term for anything that will disrupt computer operation, gather your personal information or, in a worst-case scenario, gain total access to your machine) onto your device. This usually requires some action on your part, however, in the case of a drive-by download, the website will attempt to install software on your computer without asking for permission first.

What’s more, malicious websites often look like legitimate websites. Sometimes they will ask you to install software that your computer appears to need. For example, a video website might ask you to install a codec, which is a small piece of information a video player needs to run on a website. You might be used to installing safe codecs, but it only takes one unsafe installation to compromise your machine, and your sensitive information along with it. Similarly, the website might ask for permission to install one program, but install a completely different one -- one that you definitely do not want on your computer.

What is a drive-by download?

Drive-by downloads are even scarier than a malicious website, though the two sometimes overlap. Drive-by downloads can be installed on your computer simply by looking at an email, browsing a website or clicking on a pop-up window with text designed to mislead you, such as a false error message. This type of malware is particularly frightening, because it’s basically impossible to know if you’ve done something to install the malware. What’s more, your anti-virus software might be incapable of detecting it, because hackers deliberately make it difficult for anti-virus software to detect.

Drive-by downloads often don’t require your consent, or tricking you into giving it. Sometimes the malicious code hides deep in the code of the website. Once the download is on there, it can be difficult or impossible to get off of your computer, tablet or mobile phone. You might even be visiting a website you’ve visited hundreds of time and trust, but somehow a drive-by download got in there.

what are malicious websites

How do I protect myself against malicious websites and drive-by downloads?

  • Internet security software can’t always detect bad software from malicious websites and drive-by downloads. It can, however, prevent you from getting them in the first place. Defensive software such as Norton Security will prevent known drive-by downloads and warn you when you try to visit a malicious website.
  • The best thing you can do to protect yourself is to keep your computer’s software up to date, most importantly your operating system. Often times, hackers utilize known security problems in software before manufacturers can patch the problem. Updating your software prevents you from being low-hanging fruit.
  • Don’t install codecs unless you’re absolutely positive that they’re safe.
  • Don’t open emails that seem suspicious or “spammy,” especially if they contain attachments or are from unknown senders.
  • If you get a link in an email, it doesn’t hurt to visit the main website by typing the address into your browser manually. When in doubt, call the person who sent you the email before clicking.
  • If you’re the least bit suspicious about a URL, use Norton Safe Web to check it out.
  • If a website seems off, looks like it’s installing something or is asking permission to install codecs, you’re better off closing the tab and looking for the content elsewhere.

There are a lot of dangers out there and malicious websites hosting drive-by downloads are some of the newest and scariest. But there are ways for you to protect yourself so that you can use the Internet without trouble. Do your due diligence and exercise reasonable caution and your web surfing should be smooth sailing.

Norton logo
  • Norton
Norton empowers people and families around the world to feel safer in their digital lives

Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc. 


    Want more?

    Follow us for all the latest news, tips and updates.