OK, so how does malware end up on a computer?
Malware can install to a machine in one of two ways (or both).
Internally, by which I mean user installed, or externally, via a vulnerability in Windows, your browser or software.
There are many ways a user can unknowingly install malware. Social engineering is by far the most commonly used (and easiest) method. Social engineering is an action that relies on expected user behavior and user interaction to start the attack: clicking on links or opening unknown, unsolicited attachments in e-mail, falling for phishing attempts and spam, or clicking links and installing files on social networking sites, chat rooms, IRC, web sites, instant messaging, blogs, etc. Not every link or attachment will contain malware, but thinking twice about it will help. All it takes is installing a single trojan that will then install even more malware.
Use of P2P file sharing to download and install files to your computer. File sharing is very popular, and so is distributing malware via the various networks. Files can be mislabeled, be nothing but malware, or have malware bundled in them.
Installing software that has malware bundled in it. A seemingly harmless game or screensaver could install malware.
Use of warez, keygens or cracks. These are also very popular for carrying malware payloads.
Visiting questionable websites or adult sites (that are set up just to push malware) to view or download content. Clicking on webpage links, or being asked by a popup or website to install software to your computer for some reason, maybe to view a video or see other content. You might be asked to install a video player, a needed codec or an ActiveX control. A popup might warn you that your computer is infected and tell you to install software. The social engineering tricks are endless. It is by far how most people get infected.
OK, but I don't go to those websites, I don't use file sharing, and I don't click on links or attachments or fall for phishing/spam attempts. Which brings us to the second way.
In order for an external "hack" or a "passive" infection to take place and be successful, there must be some "inside help" already present on the machine. These infections might take place without any user action and are based on vulnerabilities.
Vulnerabilities are caused by having an "unpatched" operating system, browser or software. These vulnerabilities can be exploited to push, install and execute malware on your computer.
Driving traffic to the malicious site is done in several ways: you could be redirected to a malicious website from a compromised legitimate site, or a link you click could take you to a malicious website, as could a link in spam, a blog, ads, e-mail, etc. Popular search terms can also lead to malicious sites. The web site could then take advantage of your unpatched browser or web applications (Adobe Flash/Reader, QuickTime, etc.; any application that might interact with a web site) to push, install and execute malware on your machine.
The best defense for this is rather easy: keep your version of Windows up to date by visiting Windows Update regularly or using the auto-update feature. Also keep all web-based applications updated. The updates will "patch" the vulnerabilities.
No "inside help", no hack can take place. In Vista and Windows 7, keep UAC (User Account Control) turned on. This will prevent the malicious code from writing to and executing from the system32 directory.
For other software, use Secunia's online scanner to check popular software to make sure you are using the latest version. Third-party web applications are being targeted more than they used to be. Keep them updated. No vulnerability present, no hack can take place.
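The three defenses above (UAC on, Windows patched recently, third-party software current) can be checked from a PowerShell prompt. This is an added example, not part of the original article; the product names and versions in `$Baseline` and the 35-day patch threshold are constructed assumptions to be replaced with real values.

```powershell
# Added example, not from the original article. Requires PowerShell 3.0 or later.
# $Baseline holds constructed sample names and versions; use each vendor's current release.
$Baseline = @{
    'Example Media Player' = [version]'2.0.0'    # hypothetical product
    'Example PDF Reader'   = [version]'11.0.0'   # hypothetical product
}
$MaxPatchAgeDays = 35   # assumption: about one monthly patch cycle

function Test-UacEnabled {
    # EnableLUA = 1 means User Account Control is turned on.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $value = (Get-ItemProperty -Path $key -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA
    return ($value -eq 1)
}

function Get-LastPatchDate {
    # Date of the most recent update that Get-HotFix lists; nothing if none has a date.
    Get-HotFix | Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1 -ExpandProperty InstalledOn
}

function Get-OutdatedSoftware {
    param([hashtable]$Minimum)
    # Installed programs register under the Uninstall keys (64-bit and 32-bit views).
    $paths = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    foreach ($app in Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue) {
        if (-not $app.DisplayName -or -not $Minimum.ContainsKey($app.DisplayName)) { continue }
        $installed = $null
        # Skip version strings that do not parse instead of guessing.
        if (-not [version]::TryParse([string]$app.DisplayVersion, [ref]$installed)) { continue }
        if ($installed -lt $Minimum[$app.DisplayName]) {
            [pscustomobject]@{
                Name = $app.DisplayName; Installed = $installed; Required = $Minimum[$app.DisplayName]
            }
        }
    }
}

$lastPatch = Get-LastPatchDate
$patchOk = $lastPatch -and (((Get-Date) - $lastPatch).Days -le $MaxPatchAgeDays)
[pscustomobject]@{
    UacEnabled   = (Test-UacEnabled)
    LastPatch    = $lastPatch
    PatchCurrent = [bool]$patchOk
    Outdated     = @(Get-OutdatedSoftware -Minimum $Baseline).Name -join ', '
}
```

Write baseline versions with the same number of parts the installer reports, because `[version]` treats `11.0` as lower than `11.0.0`.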
OK, but I am not worried about it. There is nothing on my computer anyone would want!
What about your personal data? Maybe your social security number would come in handy. Certainly a hacker could sell your financial data, like banking and credit card numbers, on the internet. Passwords? Do you use websites that require passwords to log in? PayPal, eBay, social networking accounts, an FTP account? These would certainly be valuable to use or sell.
Even if you don't do online banking, use passwords, etc., your computer could still be used. It could be remotely controlled to send out spam, which would look like it's coming from your computer. It could be used as a proxy for relaying internet communications via your computer. It could be used along with many other remotely controlled computers to direct attacks against web sites or other individuals.

Useful Links :
- Free anti-malware:
Malwarebytes
Spy Bot
Superantispyware
- Free antivirus/anti-malware:
AVG
Security Essentials
Avira
Avast
Bleepingcomputer
GeeksToGo
Malwarebytes Forum
Safer-Networking
Tech Support Guy
What The Tech
A tool to secure IE 8.0
Safer Surfing SlideShow
2005-2010 DMA