There’s no malware on my PC, so why does Google redirect me to dodgy websites?
Have you ever typed in a URL only to be directed to a website that has nothing to do with the page you intended to view? Or clicked on a Google search result and you still find yourself redirected to a different website?
Most of the time, malicious browser redirects are caused by browser hijackers, a type of malware that can modify the behavior of your browser without your permission. You can use the free Emsisoft Emergency Kit to scan and remove browser hijackers and other types of malware from your system.
But malware’s not the only possible cause of browser redirects. In some cases, your computer can be squeaky clean and you’ll still find yourself being magically redirected to questionable websites that are completely unrelated to the page you want to visit. If this happens to you, there’s a good chance that the website you’re trying to visit has been compromised with a malicious redirect.
In today’s post, we’ll show you exactly how malicious redirects work and what you can do as a user to mitigate the risks.
What are malicious redirects?
Malicious redirects are bits of code that are injected into the core files of a website. They are designed to divert website visitors to a specified, unrelated site that often contains adverts, pornography, potentially unwanted programs or browser extensions.
Unfortunately, removing the code is often easier said than done. In many situations, webmasters aren’t even aware that their website has been compromised. And even if they do notice that something is amiss, malicious redirect scripts are often heavily obfuscated, making it difficult for website owners to identify and remove the offending lines of code.
Malicious redirects can theoretically be injected into just about any website, but WordPress sites are particularly vulnerable. There are two main reasons why websites built on WordPress are more vulnerable than most:
- Popularity: WordPress accounts for more than 30 percent of all websites, according to figures from W3Techs. The sheer popularity of the platform makes it very attractive to cybercriminals.
- Availability of plugins: A big part of WordPress’ popularity comes down to how easy it is to customize a website using themes and plugins. There are thousands of plugins that can be instantly installed by users of all levels of tech literacy. The downside is that some of these plugins contain critical vulnerabilities that can be easily exploited by cybercriminals.
To date, WordPress has 1,767 known vulnerabilities according to the National Vulnerability Database, more than other popular content management system (CMS) platforms such as Drupal and Joomla.
How does a hacked WordPress redirect work?
WordPress is open, accessible and relatively user-friendly. Just about anyone who can write basic PHP can create a WordPress plugin that changes the functionality of a website. If the plugin developer wants to, they can release the plugin to the public, after which it can be downloaded and installed by other WordPress users who may have limited coding knowledge.
As you might imagine, quality can vary significantly between plugins. Some are highly secure and function exactly as intended, while others are poorly coded and/or rarely updated, leaving the websites that use them vulnerable to attacks.
A typical WordPress website redirect hack might look something like this:
1. An inexperienced developer releases a plugin.
2. A WordPress website owner installs the plugin, not realizing it contains security vulnerabilities.
3. Attackers use a bot to scan the web for specific code to identify sites that have installed the plugin.
4. Attackers inject custom code into the target websites. The code is usually inserted in one of the following places:
   - index.php
   - index.html
   - .htaccess file
   - Theme files
   - footer.php
   - header.php
   - functions.php
5. When a user then visits the page either via Google or typing the URL directly in their browser, the malicious redirect code is executed, sending the visitor to a dodgy website.
On top of it all, server administrators are often powerless to resolve the issue because it’s not a problem with the server — the website owner has intentionally installed the plugin code and willingly changed the functionality of their site.
And WordPress is just one of the many CMS platforms affected by such attacks.
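For site owners, the injection points listed above can be checked with a short script. The following Python sketch is an added example, not code from Emsisoft or WordPress; the rule names and patterns are illustrative assumptions rather than a complete signature set, and the sample inputs are constructed.

```python
import re
from pathlib import Path

# File names the article lists as common injection points (lowercase on disk).
TARGETS = {"index.php", "index.html", ".htaccess", "footer.php",
           "header.php", "functions.php"}

# Illustrative heuristics (assumptions): each flags a trait typical of injected redirects.
RULES = [
    ("htaccess-referer-redirect",   # redirect only for visitors arriving from a search engine
     re.compile(r"RewriteCond\s+%\{HTTP_REFERER\}.*?RewriteRule\s+\S+\s+https?://", re.I | re.S)),
    ("php-eval-of-decoded-data",    # obfuscated payload decoded and executed at runtime
     re.compile(r"\b(?:eval|assert)\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)),
    ("php-external-location-header",
     re.compile(r"header\s*\(\s*['\"]Location:\s*https?://", re.I)),
    ("js-or-meta-external-redirect",
     re.compile(r"(?:window|document)\.location(?:\.href)?\s*=\s*['\"]https?://"
                r"|http-equiv=['\"]?refresh['\"]?[^>]*url=\s*https?://", re.I)),
    ("long-encoded-literal",        # 200+ base64-alphabet characters in one string literal
     re.compile(r"['\"][A-Za-z0-9+/=]{200,}['\"]")),
]

def scan_text(text):
    """Return the names of all rules that match the given file content."""
    return [name for name, rx in RULES if rx.search(text)]

def scan_site(root):
    """Walk a web root and scan only files whose names appear in TARGETS."""
    findings = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.name.lower() in TARGETS:
            hits = scan_text(path.read_text(errors="replace"))
            if hits:
                findings[str(path)] = hits
    return findings

# Constructed samples (not taken from a real incident).
SAMPLE_HTACCESS = """RewriteEngine On
RewriteCond %{HTTP_REFERER} (google|bing|yahoo) [NC]
RewriteRule ^(.*)$ http://redirect.example/land [R=302,L]
"""
SAMPLE_PHP = "<?php eval(base64_decode('" + "QUJD" * 60 + "')); ?>"
CLEAN_PHP = "<?php get_header(); the_content(); get_footer(); ?>"

if __name__ == "__main__":
    for label, text in [(".htaccess", SAMPLE_HTACCESS), ("footer.php", SAMPLE_PHP), ("index.php", CLEAN_PHP)]:
        print(label, scan_text(text))
```

A match is a lead for manual review, not proof of compromise: legitimate themes and plugins can also issue external redirects. Comparing flagged files against a clean copy of the same CMS, theme or plugin version is the reliable way to confirm an injection.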
Why do hackers create malicious redirects?
There are three main reasons why cybercriminals create malicious redirects.
- Advertising money: Hackers often use redirects to drive traffic to websites that contain advertisements for dubious products or services. The criminals get paid a fraction of a cent for every ad click or impression they generate.
- Phishing: Redirects can be used to send you to fraudulent websites where you’re encouraged to enter sensitive information such as your username, password and credit card details. This information is then sent directly to the criminals, who can use this data to commit identity fraud.
- Malware: Cybercriminals also use malicious redirects to send you to websites where you can download software you may or may not want on your system. These products often come bundled with malware and/or potentially unwanted programs, which can leave your system vulnerable to attack in the future.
What you can do about it as a user
As noted, malicious redirects have nothing to do with you as a user – it’s a problem with the website itself. That means you’re relatively limited when it comes to dealing with the issue. Nevertheless, there are a few things you can do:
- Report the issue: If the redirect has been injected recently or the website receives a small amount of traffic, there’s a good chance that the website owner doesn’t even know about the redirect. When you encounter a malicious redirect, take a moment to email the webmaster and inform them of the issue.
- Install an anti-phishing browser extension: If you do happen to click on an unwanted redirect, you want to be confident that your browser will block the malicious page from loading. Anti-phishing browser extensions such as Emsisoft Browser Security block phishing attacks and access to websites that are known to distribute malware.
- Keep your web browser updated: All the major browsers regularly release updates to make your web browsing experience more secure. Make sure you always install updates when prompted and enable automatic updates wherever possible.
- Use antivirus software: In the event that you do get redirected to a dodgy site and accidentally download malware, you need to be confident that you have protection in place to keep your system safe. Investing in reliable antivirus software such as Emsisoft Anti-Malware is an effective way to stop malware before it can infect your PC.
- Have a website of your own? Make sure you’re using the updated version of your CMS at all times and carefully check what plugins you use.
Malicious redirects are a headache for website owners and users alike. As a user, you don’t have much power to fix the issue beyond alerting the webmaster, but using anti-phishing browser extensions and reliable antivirus software ensures you’re protected even if you do get redirected to a dodgy website.
Have a good (malware-free) day!
The post There’s no malware on my PC, so why does Google redirect me to dodgy websites? appeared first on Emsisoft | Security Blog.