Can HTML Files Contain Viruses – No.

The Internet has an abundance of websites today, and you might have heard of HTML – “That thing used to create web pages”. So, if you receive one of these HTML files as an attachment in your email, should you be concerned? Is it possible for HTML to contain viruses and infect computers just by visiting a website? Well, you can relax a little.

No, it is impossible for HTML files to contain a virus – Since HTML is literally just “plain text with formatting” and will never be executed. But it can still be misused in many ways, with possible threats such as phishing, masquerading, and even redirecting to download an actual virus file.

 

So the smart way is to scan an HTML attachment file with an anti-virus before opening and avoid all the fishy websites. The even smarter thing is to educate yourself more – Read on!

 

 

REAL QUICK TUTORIAL

 

TABLE OF CONTENTS

HTML & Virus Possible Threats Not Really Safe
The End

 

HTML & VIRUS

All right, let us now get started with the basics – Just what is HTML and what is a virus?

 

WHAT IS HTML?

In short, HTML stands for “hypertext markup language”, but that is for people who want to look like cool geeks. In layman’s terms, it is nothing more than plain text with some formatting included. An example will speak a thousand words:

simple.html
<p>
  This is some <strong>text</strong>. Hello world!
</p>

If we open the above HTML file in a web browser, it will look like this:

This is some text. Hello world!

All the <p></p> <strong></strong> are what we call “tags”.

  • <p> is used to mark the start and end of a paragraph.
  • <strong> to mark where to put emphasis and bold the text.

Yes, and that is HTML in a nutshell. Plain text with a bazillion formatting tags – Paragraphs, sections, lists, tables, images, videos, etc…

 

 

WHAT IS A COMPUTER VIRUS?

Let me do a quick quote from good old Wikipedia:

A computer virus is a type of malicious software that, when executed, replicates itself by modifying other computer programs and inserting its own code.

Yep, in short, a computer virus will only infect the computer when you open the file unknowingly – Giving it permission to run and modify other programs, or even the system files.

 

HTML CANNOT CONTAIN VIRUS

  • Repeat – HTML is essentially just plain old text.
  • HTML is not an application, it is not executable,
  • HTML cannot change the system settings nor files, thus cannot “infect” the computer in any way.
  • Therefore, they are technically safe… But you can count on the Internet to make it unsafe in many creative ways.

 

POSSIBLE THREATS – WHY HTML IS UNSAFE

The technology itself is safe. But it is the “bad creative ways” that make HTML and some websites unsafe. Here are a few common threats.

 

1. PHISHING

For you guys who do not know what phishing is, it comes from the word “fishing” – Literally, “fishing” for confidential information that will cost you. HTML may be safe, but not in the hands of “creative bad people” who come up with nice looking HTML forms to harvest information. These will usually come in the shapes of “you have won a grand prize”, “you have broken the law”, “redeem the discount coupon”, and “free trip to somewhere”.

 

 

2. MASQUERADING

Masquerading is a technique that the “creative bad people” use to make themselves look like legit companies or people – Either to trick others into phishing or to download a certain “update file” that is actually a virus/trojan.

 

3. MALWARE/TROJAN DOWNLOAD

HTML cannot install nor run anything without your permission. So what’s the next best thing for the “creative bad people” to do? Using masquerading techniques to fool people into downloading the actual virus file – and install them willingly.

 

4. HIJACKING

Social media is big these days, and you might have an account yourself. But ever heard of how people’s accounts can “get hacked into”? Yep, account hijacking is possible. Nope, not by opening an HTML file, but by clicking on a phony link and giving the “creative bad people” permission to access your account.

 

 

5. A LOT MORE…

The wonders of technology. The camera, microphone, GPS, push notifications, and whatever else. The reason why I bring this up is that – Yep, HTML/Javascript these days can access your smartphone/tablet/laptop/desktop webcam, microphone, get the GPS coordinates, and even push spam notifications.

But not to be worried, you need to first grant the access permission manually, and even revoke the permissions later. So long as you don’t give the shady ones access permission, there is nothing they can do… But you can count on the “creative bad guys” to come up with many ways to abuse the system. It is actually kind of exciting to see what they will do though. 😆

 

CONCLUSION – HTML IS NOT REALLY SAFE

There you go. HTML itself may be technically sound, but the information contained within may not be. One wrong move and you will land into a world of troubles.

 

PROTECT YOURSELF

When you are unsure, never ever:

  • Submit the form contained within.
  • Click on the links contained within.
  • Download files in the links contained within… Or worse, run the downloaded file.
  • Give permissions to access something.

In short, if something smells fishy, delete it and don’t ever touch it again. Also, things will change as technology grows – For example, access to the webcam, microphone, and GPS. So, who knows what the future will hold? There will always be “creative bad people” around, and it does not hurt to be a little bit more cautious.

 

 

FREE ANTI-VIRUS

If you have not installed an anti-virus, please do so now. There are many free ones on the Internet, and any lock is better than leaving the door wide open.

 

INFOGRAPHIC CHEAT SHEET

Can HTML Files Contain Virus (Click To Enlarge)

 

THE END

Thank you for reading, and we have come to the end of this guide. I hope that it has helped you to better understand, and if you want to share anything with this guide, please feel free to comment below. Good luck and happy surfing!

1 thought on “Can HTML Files Contain Viruses – No.”

Leave a Comment

Your email address will not be published. Required fields are marked *