sO if one gets an email, one htat doesn’t have an attachemnt, and clicks a link in it- that goes to a site that doesn’t have autmatic download that runs- one can’t be infected with anything?
Going back to my original post that was deleted- we got an email from a friend that said simply ‘thanks- got the message, please check out such and such a site- and it had a link- clicked the link, and it brought us to a Ukrainian website (didn’t notice the .ua in the link- apparently it was from Ukraine site- the page was blank except for some random stupid message on top that would update to a new one l ine random message if the page was refreshed-
Is there any need to be worried about a page like that? nothign was autodownloaded- no warnigns popped up- and i’ve run the link through basic online link scanners that showed htere was nothing nefarious on the site uspposedly
Let me step through each piece of your scenario:
If an email doesn’t have an attachment, it’s just a long string of text. Even with an attachment, an email is relatively benign, as any code in the email or the attachment doesn’t just spring to life upon delivery. It’s a payload or a brick of C4. It could be harmful in the right conditions, but its mere existence does not beget tragedy.
You click on a link in the email. The first question that I’d ask is, “Did you look at the URL? Do you know where it’s taking you?” You go on to say you did not and clicked. Here’s where things get muddy. Every web browser functions slightly different from the next. Internet Explorer, for instance, is very permissive by default, so if there was embedded code in the form of Javascript or Java, it likely executed, regardless of its purpose. Firefox and Chrome, on the other hand, will often gently tap the breaks or outright deny access to a site that’s been compromised if it was reported as such. Existence of a site in the Ukraine is not, by itself, a reason for concern. Remember, however, that a site’s name and its hosted location don’t have to be the same. It would take me less than 5 minutes to register a domain in the .ru or .tk top-level domains and point it back to an IP that resides in the US or the UK or anywhere else in the world.
Finally, modern exploits don’t use downloads anymore. Malicious code embedded in the website or even in advertisements can trigger behavior behind the scenes that opens up your computer to being exploited. By virtue of just going to a website or having an advertisement pop up on your screen, you could be compromised. The importance of ad-blocking software that works with your browser cannot be understated. Web companies will grouse that you’re taking away their revenue stream, but you’re protecting yourself. Too many incidents have been reported in the last few years of advertising networks selling ad space to malicious entities who then go on to infect thousands of systems, turning them into botnets. I suggest AdBlock Plus as well as NoScript to prevent the execution of scripts in your browser without your permission.
Bottom line, you might not have anything to worry about, but there’s a small chance that website embedded a cookie on your system or executed some code that could later be used to turn your computer into a botnet zombie. Online link scanning sites are just aggregators of bad endpoints. Check it again, wait a week, check it again, wait a month... if it keeps coming up as “clean,” then it’s likely nothing to worry about. In the interim, run scanning utilities on your system such as Malwarebytes, CCleaner, and provided you have it running, Windows Defender. Also check the Windows firewall and review all of the ports and programs permitted access to the open Internet. If anything looks out of place, disable or delete the rule. If something goes awry with your computer, you can always add the rule back later.