What's the worst that can happen when you visit a sketchy site?

Question

Although this doesn't happen very often, on occasion, whenever I visit a new website when looking for information, it turns out to be one of those malevolent ones that attempts to open up several pop-ups and redirect you to who-knows where. Whenever this happens, I usually close the browser immediately because I don't really know what these kinds of sites are doing when you visit them. I don't know much about internet security, so I don't really know the extent of what these websites are capable of doing when you simply visit them in the browser. I imagine that they probably have some kind of malicious JavaScript on the page that the browser attempts to run, but once again, I don't really understand what it's capable of.

For example, is it possible that I have a keylogger on my system now? Did it plant some kind of cookie in my browser that will try to extract information from other sites I visit? Am I part of a botnet now? I understand that these are extreme examples, but I just really don't understand the extent of what these kinds of websites can do by simply visiting them.

Additionally, do you have any advice or sequence of actions I should take whenever I do accidentally stumble into one of these sites?

Answer 1

is it possible that I have a keylogger on my system now?

It is highly unlikely that a virus was installed through the browser, unless you have answered Yes or OK to some dialog.

The maximum damage possible is the installation of a malevolent extension in the browser, but modern browsers require some human interaction and authorization for that.

You may check the extensions installed in your browser, but as in the majority of the cases the extension will change your starting page, if this didn't happen then you are likely uninfected.

Nevertheless, for a peace of mind, you may run a few antivirus scans by well-known companies like Malwarebytes.

Did it plant some kind of cookie in my browser that will try to extract information from other sites I visit?

Cookies are static and not active, and relate only to their website. No problem here.

Am I part of a botnet now?

I would say 99.9% not. But keeping an eye on the behavior of your computer, chiefly on the consumption of Internet bandwidth, is in general a good idea. Immediately closing your browser was well done.

Additionally, do you have any advice or sequence of actions I should take

One protection is to set your browser to disable pop-ups. Another is to disallow websites you don't know from running JavaScript without authorization, by using an extension like NoScript that also keeps a white-list.

Answer 2

The worst it can happen is most probably Arbitrary Code Execution, or to be more precise Remote Code Execution (RCE). A malicious website could exploit a flaw in your browser's JavaScript engine, or CSS engine, or graphics engine, etc, and be able to execute arbitrary code on your machine.

After gaining RCE, the possibilities are endless. Anything could be done to your machine, granted that you keep your browser open long enough and stay enough time on the malicious website to complete execution of the exploit.

For example, is it possible that I have a keylogger on my system now? [...] Am I part of a botnet now?

It's very difficult and very rare, but those things can potentially happen.

do you have any advice or sequence of actions I should take whenever I do accidentally stumble into one of these sites?

Don't stumble into them in the first place. Learn to distinguish a good link from a bad link. Other than that, if you happen to stumble upon such a website, the most intelligent thing to do is to close it immediately, and if you're really paranoid close the browser or even shutdown the computer itself immediately. Other than that... well, run a good antivirus and content blocker, like for example uBlock origin.