The first rule of protecting your computer from infection has long been to avoid risky downloads. And while that remains good advice, it may no longer be enough to keep you safe.

We’ve known for a while that clicking on links or attachments from unknown senders can launch viruses and malware that could slow your computer’s performance and allow crooks to steal your private data, including passwords to online financial accounts. But now, many computer infections occur as people surfing the Internet land on a “dirty” website—a site that can put your personal and financial information into the hands of cybercriminals without ever clicking on any attachments or links.

That danger is highlighted in a new report by Symantec, which makes Norton online security products. “Today’s online threats include attacks that can happen silently, without the user’s knowledge,” says company official Dan Schrader. “Often just looking at a Web page is enough to trigger a drive-by download, where malicious software installs itself on the user’s computer.”

Drive-by danger

And it’s no longer enough to avoid websites you might expect to be contaminated, like those offering pornography or free Viagra. “Nowadays, cybercriminals are compromising legitimate websites to launch attacks on consumers,” Schrader tells Scam Alert.

Hackers have become adept at planting malicious scripts on unprotected sites. Those scripts then serve up malware onto the machines of Web surfers by exploiting browser security holes.

The sites listed in Symantec’s August report, “The Dirtiest Web Sites,” contain the greatest number of threats to a computer—about 18,000 different threats on average, says company official Rowan Trollope. By comparison, the typical malicious website averages 23 threats.

About half of the wickedest websites are indeed “dirty”—containing pornography and other adult-themed content—but a slight majority were dedicated to seemingly innocent subject matter, such as figure skating, deer hunting, legal services, family photo albums and buying electronics. One site for a Texas-based catering company contained more than 23,000 threats.

The dirtiest websites often have innocuous-sounding names, such as clicnews.com, fantasticfilms.ru, texaswhitetailfever.com and wadefamilytree.org. (Remember, do not enter!)

Free protection

But since hackers constantly target new sites, how can you stay safe when you’re surfing the Internet?

First, make sure that your Web browser is up to date, because many browsers’ security measures rely on a database of sites known to be dangerous.

Keeping current is easy if you use the browser that came with your computer. Apple computers, which are less vulnerable to viruses, automatically check weekly for updates, or you can also check more frequently by clicking “Software Update” in the System Preferences panel and choosing “Daily.” For PC users, Microsoft also provides an option for automatic updates for Windows.

And before you visit a website, here are two ways to check it out:

• Bookmark Norton’s Safe Web, used for the report by Symantec, which manufactures Norton online security products.

At this free service, you type a website address and get a red “warning,” yellow “caution” or green “safe” rating before you actually access it.

• Download a similar no-cost product, McAfee’s SiteAdvisor, which is especially helpful in detecting possible dangers when you do online searches with Google, Yahoo or other search engines.

Once on your computer, it also provides red, yellow or green indicators of a website’s threat level, preventing a potentially troublesome click.

Sid Kirchheimer is the author of Scam-Proof Your Life.