As the popularity of social-networking websites such as Facebook and MySpace continues to grow, many webhosts now display user-generated content and/or links to third-party content on the websites they host. In a typical scenario, a webhost designates a website to a user, and the user provides the content to be displayed at the designated website. The content can include text, audio, and video data, and instructions to access content located at one or more content sources. For example, the instructions can include a uniform resource locator (URL) link to a news article or to a restaurant review posted on a different website. The visitors to the user's website, typically the user's friends and acquaintances, but also strangers in some situations, can view and/or download the displayed content. They can also follow the links in the instructions to other content sources, and access content provided by those sources. In this way, a user can share his or her knowledge, information, and sources of entertainment with the user's friends and others.
Not all uses of such functionality are benign, however. Instances in which a user uploads malicious content such as a computer virus or malware on to the designated website are well documented. Some users also provide links to sources configured to infect a visitor's computer with malicious content—sometimes purposefully, and other times unknowingly. When a visitor accesses the uploaded content or identified site, the malicious content can cause harm to the visitor's computer or mobile device. For example, a virus may be downloaded onto the visitor's computer and may destroy the visitor's data. In other instances, a malware program may be covertly installed and, without authorization from the visitor, track her on-line activities.
One way a visitor to another person's webpage can protect himself is by installing commercially available virus/malware protection software. Such software typically detects malicious components in files being downloaded onto the visitor's computer and prevents the download and/or alerts the visitor of the presence of the malicious component. Some malicious components, however, may go undetected by the virus/malware protection software. Moreover, this method requires an Internet user to actively purchase, install and maintain the most up-to-date version of a virus/malware protection software. If such a program is not installed, or is disabled—not an uncommon practice among many Internet users—virtually no protection is available to the visitor.
Even if the most up-to-date virus/malware protection software is used, it only inspects files being downloaded, and does not inspect an electronic source (e.g., a webpage) associated with a link supplied by a third party. Such a webpage can be a phishing site (i.e., an unauthorized website masquerading as a different, authorized website). A visitor to a malicious content provider's website may unsuspectingly follow a link to a phishing website, and may unintentionally reveal his or her personal information to an unauthorized party. A virus/malware protection software typically cannot provide protection in this situation.
Another way to provide protection to visitors is to employ a scanning service to scan web pages on the Internet. This service can detect websites containing malicious components and/or phishing websites, and may report the detected websites, but usually cannot remove or disable such websites. Unless a visitor checks the report generated by such a service prior to visiting a webpage, either manually or automatically, the user is not protected from exposure to a malicious webpage. In addition, a website designated by a host to content provider is commonly password protected and although visitors registered with the host can visit the designated website, it cannot be scanned by a scanning service. As a result, the scanning service does not offer substantial protection to the visitors of the protected website.
Finally, scanning services typically run only periodically, leaving a visitor vulnerable to exposure to recently uploaded malicious content. For example, a content provider may upload malicious content to his or her designated webpage. A person visiting the designated webpage soon thereafter, before a scanning service has scanned the designated webpage, would expose himself or herself to the malicious content. Thus, the scanning service generally does not provide real-time protection to visitors. Therefore, there is a need for improved systems and methods for providing protection to Internet users from malicious content present at sites accessible to them.