Can You Get a Virus Without Downloading Anything

While malware and viruses are pervasive — it’s estimated there are more than a billion malware programs in existence — for the average tech user, understanding this threat is more complicated than ever. Then, you also have to contend with plenty of outdated information which doesn’t consider how far malware programs have come in the last few years. Thankfully, this post will provide updated information about malware, allowing you to protect your devices and your personal data from malware.

Can I Get a Virus by Just Visiting a Website?

Most savvy internet users believe staying safe online means following four rules about staying safe online:

  • Don’t click on unknown links, 
  • Don’t visit suspicious websites, 
  • Don’t download unknown documents
  • Don’t download suspicious attachments

But, you may still have one question: Can I get a virus from visiting a website?

The short answer is yes. You can get a virus from visiting a website. 

Firstly, you need to understand that a virus – macro virus, polymorphic virus, and file infector — are all types of malware. You may not get a “virus” from a website, but your device may get infected by malware when you visit a website. Here’s how that could happen.

Malware Changes the Code

Making a distinction between a virus and malware is critical because viruses typically require active participation: downloading a file, inserting a USB, or anything that requires YOU to take action.

But malware doesn’t require you to do anything. You can be a passive browser and fall victim to malware. The reason for this is that hackers typically change the code. That way, the website is infected and — as a result — serves as an access point from your device to malware.

Code Execution Exploits Vulnerabilities

Code execution exploits are a commonly used toolset to infect unsuspecting users’ devices.

In such an attack, a hacker exploits the code of vulnerable websites and browsers in addition to plug-ins, like JavaScript and Flash players, to insert their malicious code. Then, when you visit these websites, you’re exposed to malicious scripts.

Code execution exploits are common because they’re sold through easy-to-use exploit kits. These exploit kits sell on the dark web to buyers who can install the kit and use it wherever they see fit.

Exploit kits are easy to use because they follow a set of instructions that enable them to infiltrate a web user’s device, deliver its payload, and deposit a remote access tool or RAT on your device.

The result is the ability to steal user information, take over devices, or send — stolen — information to other devices.

But what’s most concerning about code execution exploits is that they can attach malware to advertising networks — that distribute ads to otherwise safe and legitimate websites. When you access websites with these ads, you’re vulnerable to the malware on the ads displayed on the site. 

Man in the Middle Attacks

Another way you can unknowingly download malware by visiting a website is through a man-in-the-middle attack or MITM. In this method, which requires more prowess to execute, a hacker intercepts traffic between the user and the web application. The attacker can either spoof the website you think you’re visiting, which allows it to eavesdrop, or direct data transfer, between you and the site you’re visiting by pretending to be the website or creating a tunnel you pass through before reaching the website.

But, unlike code execution exploits, man-in-the-middle attacks typically require you to take careless or unwitting actions, like accessing free public wifi and not entering the browser URL when you’re visiting the website.

Can You Get Malware Without Internet?

Unfortunately, as the emphasis is placed on internet safety, traditional digital safety is ignored. Because threats aren’t limited to your access to the internet. 

Your device can get malware without going online or connecting to the internet. But, unlike online threats, offline threats are limited to taking action. To get malware offline, you need to connect your device to another device and vice versa. That means a modem, USB, CD, another computer, or phone can all be entry points for malware.

Essentially, if you can transfer data from it, you can transfer malware from it.

How Do I Know if I Have Malware Before Downloading?

By now, you’re wary of anything you can access online and want to know how to protect yourself, your device, and, most importantly, your information from malicious actors. You may want to ascertain how to determine if files or websites have malware before downloading or accessing them.

Check a File for Malware Before Downloading

You can scan a file for malware before downloading it in two easy steps and less than one minute. 

Copy Link Address

Start by right-clicking the file you want to download and select “copy link address” on Chrome, “copy link location” on Firefox, or “copy link” on Edge.

This will work regardless if the file or link is hyperlinked.

Use a Service Like VirusTotal to Check URL

Once you have the files link, head to VirusTotal — an app owned by Google since 2012 — to scan the file.

Select the URL tab and paste the URL you copied. Either click search or enter to initiate the scan.

The file will be downloaded to VirusTotal’s servers and then scanned with a significant number of antivirus engines. However, if someone else has recently scanned the file, VirusTotal will show you these results.

If “No engines detected this URL” appears, that means the antivirus engines TotalVirus has run the file through haven’t detected any malware. It could also say 0/65 engines detected malware. However, these antivirus engines scan for known and prevalent threats. Every day tens of thousands of malware programs are being invented.

In some cases, you may get a result showing under ten engines had an issue with the file. This could be a false positive, or it may be that some of the antivirus engines have updated their databases and are already aware of emerging threats. In such instances, it’s up to you to decide whether or not to take the risk.

You can take every precaution online to avoid falling victim to malware, but even that may not be enough. Instead, your best course of action is to tread cautiously and frequently change your login and security credentials. 

But you can also save yourself a world of hurt by installing an adblocker and typing in website addresses rather than using bookmarks, as these can be spoofed. Furthermore, by following the steps above, you can ensure you don’t fall victim to malware downloaded through a file.

Recommended Reading