Entries in Fake Codecs (4)

Thursday, August 27, 2009

Malware Domain List for Aug 28, 2009



This is going to be a small list, like [intlink id="4325" type="post"]yesterday's, which was also small[/intlink], but if more turn up you know I will post them.


[intlink id="3607" type="post"]Personal Antivirus Scareware Sites[/intlink]:

  • antivirus-online-scan5.com

  • remove-pc-spyware.com


[intlink id="4217" type="post"]Internet Antivirus Pro Scareware[/intlink] sites:

  • prarie.info


[intlink id="3977" type="post"]Rogue Antivirus scareware sites[/intlink]:


  • savedefense.com

  • mitrodermo.com

  • seritrupik.com

  • great-pcprotect.com (fake scanner page)

  • scan.howtosecurepcs.com (fake scanner page)

  • dl.howtosecurepcs.com (fake Spyguard download)

  • a2tv.org (fake codec, installs fake AV)
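As an added example (not code from the original post), here is the list above turned into a blocklist with a matcher. The point worth showing is the subdomain handling: an entry such as savedefense.com should also catch www.savedefense.com, while the two howtosecurepcs.com hosts listed above are matched exactly and do not cover the rest of that domain. The domains are the ones listed in this post; the URLs in the usage are constructed.

```python
# Added example: match URL hosts against the scareware domains listed above.
# The blocklist entries come from this post; the reasons are this post's
# annotations. Test URLs are constructed.
from urllib.parse import urlsplit

BLOCKLIST = {
    "antivirus-online-scan5.com": "Personal Antivirus scareware",
    "remove-pc-spyware.com": "Personal Antivirus scareware",
    "prarie.info": "Internet Antivirus Pro scareware",
    "savedefense.com": "rogue antivirus",
    "mitrodermo.com": "rogue antivirus",
    "seritrupik.com": "rogue antivirus",
    "great-pcprotect.com": "fake scanner page",
    "scan.howtosecurepcs.com": "fake scanner page",
    "dl.howtosecurepcs.com": "fake Spyguard download",
    "a2tv.org": "fake codec, installs fake AV",
}


def normalize_host(url):
    """Hostname of a URL (or a bare host), lower-cased, without scheme,
    credentials, port or trailing dot. Returns '' if nothing usable."""
    if "://" not in url:
        url = "http://" + url          # urlsplit needs a scheme to see a host
    host = urlsplit(url).hostname or ""  # .hostname already lower-cases
    return host.rstrip(".")


def lookup(url):
    """Return (matched_entry, reason) when the URL's host is a listed domain
    or a subdomain of one, else (None, None).

    Walking the labels from the right keeps www.savedefense.com blocked
    without blocking a look-alike such as notsavedefense.com."""
    labels = normalize_host(url).split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in BLOCKLIST:
            return candidate, BLOCKLIST[candidate]
    return None, None


def hosts_file_lines(blocklist=BLOCKLIST, sink="0.0.0.0"):
    """Render the list as hosts-file lines that sink each domain."""
    return [f"{sink} {domain}" for domain in sorted(blocklist)]


if __name__ == "__main__":
    for u in ("http://www.savedefense.com/scan", "http://notsavedefense.com/"):
        print(u, "->", lookup(u))
    print("\n".join(hosts_file_lines()))
```

Note that a hosts-file entry only covers the exact name, so the subdomain logic in lookup() is what you want in a proxy or a mail filter, not something the hosts file gives you for free.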



Wednesday, July 22, 2009

Computer Security: How do you get infected with Malware?

Several people have asked me in the past few weeks how they got infected, and I have scoured the internet to come up with some answers. There are several ways to get infected, and we will discuss them here, in case someone wants a better idea of how to avoid the most common ones.

What is an Exploit?


This is the first thing we need to discuss, because malware so often relies on an exploit to gain control over an application or the whole computer.
An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized). This frequently includes such things as violently gaining control of a computer system or allowing privilege escalation or a denial of service attack.

[Via Wikipedia]

An exploit can arrive through several vectors that I know of, and an attack does not have to rely on just one; it also depends on the right vulnerable program running at the time. Malware authors write code that, in a sense, crashes your system on purpose, but in a way they control. Remote code execution is the typical case: when their code runs, it makes the computer install software without the user's knowledge or permission. It is most commonly used to take over a program's process in memory, and from there to write whatever the attacker wants to the hard drive.

Opening a PDF


As you explore the internet you may come across sites hosting PDFs that hide their true nature. Spreading much like the H1N1 virus that is epidemic in the US, malware authors are using PDF files to run a number of possible exploits against people's computers. There are a number of exploits that work through PDF, and published examples for those who want to understand them in more depth. What this means for you is that you should turn off automatic loading of PDFs in your browser: by default the browser opens a PDF inline, in the same session, without so much as a warning.
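As an added example (not code from the original post), this is the quick check I would run on a PDF before opening it. Malicious PDFs of this era lean on two things: a way to act on their own when the document opens (/OpenAction or an /AA additional-actions entry) and a way to carry or run code (/JavaScript, /JS, /Launch). The scanner counts those names, plus /EmbeddedFile and /ObjStm (object streams can hide any of the others in compressed form), after undoing PDF's #xx name escapes, which are a common way to dodge naive string matching. The two sample documents are constructed; no real exploit is included.

```python
# Added example: first-pass PDF triage on suspicious names. The sample
# documents at the bottom are constructed, not real malware.
import re

SUSPICIOUS = ("/OpenAction", "/AA", "/JavaScript", "/JS",
              "/Launch", "/EmbeddedFile", "/ObjStm")
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")


def unescape_names(data):
    """PDF lets any byte of a name be written as #xx (so /J#61vaScript is
    /JavaScript); normalize before matching."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def count_keywords(data):
    """Count each suspicious name, matching whole names only so that /JS
    does not also hit a longer name beginning with /JS."""
    text = unescape_names(data)
    counts = {}
    for name in SUSPICIOUS:
        pattern = re.escape(name.encode()) + rb"(?![A-Za-z0-9])"
        counts[name] = len(re.findall(pattern, text))
    return counts


def triage(data):
    """Return (verdict, counts): 'review' when the file both auto-runs
    something and carries code, 'inspect' when only one of those is present
    or content may be hidden in streams, otherwise 'clean'."""
    counts = count_keywords(data)
    auto = counts["/OpenAction"] + counts["/AA"]
    code = counts["/JavaScript"] + counts["/JS"] + counts["/Launch"]
    if auto and code:
        return "review", counts
    if auto or code or counts["/ObjStm"] or counts["/EmbeddedFile"]:
        return "inspect", counts
    return "clean", counts


# Constructed samples: a bare one-page skeleton, and the same skeleton with
# an OpenAction that runs JavaScript, the action name hex-escaped.
BENIGN_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

AUTORUN_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R >> endobj
4 0 obj << /S /J#61vaScript /JS (app.alert('hello')) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_PDF), ("autorun", AUTORUN_PDF)):
        print(label, triage(doc))
```

Real documents usually wrap their content in /FlateDecode streams, so a count of zero here only means nothing is visible uncompressed; Didier Stevens' pdfid.py and pdf-parser.py do this job properly, including the streams.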

Fake files name


I don't know what else to call this: you get an email with an attachment that looks like a picture or a document, but that isn't always what it is. For example, you get an email from a friend with what it says is a document, named something like documentname.doc.exe; the file also carries an icon that looks like a document and may fool you, and with extensions hidden Windows displays it as just documentname.doc. See the post on the hidden file extensions that need to be fixed in Windows 7 for examples of what I mean.
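As an added example (not code from the original post), here is an attachment-name check of the kind a mail filter or a help-desk script would run. It reports both why a name is deceptive and what the user would see with "Hide extensions for known file types" on, which is the Windows default. Because each part of the name is trimmed before it is compared, it also catches the related trick of padding the name with spaces so the real extension scrolls out of view, a small generalization of the double-extension case above. The extension lists are my own partial choice, and the sample names are constructed.

```python
# Added example: flag attachment names that disguise an executable as a
# document or picture. Extension lists are a partial, hand-picked set;
# the names in the usage are constructed.

# Extensions Windows will execute when double-clicked (partial list).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "vbe",
                   "js", "jse", "wsf", "wsh", "hta", "msi", "cpl", "lnk"}
# Harmless-looking extensions an attacker borrows as the decoy.
DECOY_EXTS = {"doc", "docx", "xls", "xlsx", "pdf", "txt", "rtf",
              "jpg", "jpeg", "gif", "png", "bmp", "avi", "mpg", "wmv", "mp3"}


def displayed_name(filename):
    """Name as Explorer shows it when extensions are hidden: everything
    after the last dot is dropped."""
    base, dot, _ext = filename.rpartition(".")
    return base if dot and base else filename


def classify(filename):
    """Return (verdict, reason); verdict is 'block', 'warn' or 'ok'."""
    parts = [p.strip().lower() for p in filename.strip().split(".")]
    if len(parts) < 2:
        return "warn", "no extension at all"
    real_ext = parts[-1]
    inner = parts[1:-1]                      # extensions buried mid-name
    decoys = [p for p in inner if p in DECOY_EXTS]
    if real_ext in EXECUTABLE_EXTS:
        if decoys:
            shown = displayed_name(filename.strip())
            return "block", f"executable .{real_ext} posing as .{decoys[-1]}; shown as '{shown}'"
        return "warn", f"executable attachment (.{real_ext})"
    return "ok", f".{real_ext}"


def screen_attachments(names):
    """Classify a batch and return (name, verdict, reason) for each that
    is not 'ok'."""
    flagged = []
    for name in names:
        verdict, reason = classify(name)
        if verdict != "ok":
            flagged.append((name, verdict, reason))
    return flagged


if __name__ == "__main__":
    sample = ["vacation.jpg", "documentname.doc.exe",
              "invoice.pdf" + " " * 30 + ".exe", "update.scr", "README"]
    for row in screen_attachments(sample):
        print(row)
```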

Fake Codecs


Codecs are needed to play videos, but a codec that a website insists you install before a video will play is most often not a real one. [intlink id="2991" type="post"]Fake codecs[/intlink] are a way to get you to install malware while you think you are installing a codec. Installing a fake codec can bring in trojans, viruses, or even keyloggers. I've talked about this from time to time, but it is worth reminding people.

Installing Fake Antivirus Software


Sometimes you may land on a [intlink id="3964" type="post"]site that looks like a real antivirus vendor[/intlink] but in reality is a [intlink id="3713" type="post"]scam that will scare[/intlink] you into buying their product. Sometimes the [intlink id="3114" type="post"]scareware will say you are infected and send you a file to run to "protect" you;[/intlink] if that ever happens, don't run it. You should never run programs from sites you have never heard of. Always go to trusted vendors first, or at least Google the product name before you install any questionable software.

Website tries to use web Browser exploits


Toolkits such as WebAttacker use scripts that try several known vulnerabilities in IE and other browsers, one after another, until one works. This is the most common way for viruses or trojans to be installed on a computer, which is why I will always recommend getting away from IE and running Firefox or another lower-profile web browser.

Windows Up to Date


It is very important to keep your Windows system up to date. If you don't, the chance of an infection keeps growing, because right after Patch Tuesday malware authors study the fixes and know exactly how to exploit a system that has not been brought current. Installing service packs and the other patches is one sure way to keep malware authors at bay.

In one of my next posts I will recommend software that helps prevent some of this, and show how to disable some of the most commonly exploited features. If you like this post, please tell your friends so they may also learn more about computer security.

Wednesday, May 20, 2009

Spyware: Michelle Obama's Ta's Ta's Video

I love this one. I was reading the SANS report about the Michelle Obama Ta's Ta's video, and I wanted to investigate a little further, so I went searching around. I found some comment spam linking to a site; I will not post the links directly. The site, however, had a fake video on it:


[Screenshot: fake video page demanding an ActiveX install]



It looks like if you hit Cancel or Details it keeps telling you that you need to install an ActiveX object. It also makes the user think there is only one option right now. As you can tell, it makes you think you can't cancel or get details, but I did. I tried to cancel and it kept popping up, trying to get you to install this ActiveX installer. AVG detects it as:


[Screenshot: AVG detection of the ActiveX installer]



This proves that any anti-virus software is better than nothing at all. I have also talked in the past about [intlink id="2991" type="post"]fake codecs and how they are used maliciously[/intlink] to spread malware to people who aren't up to the job. It didn't take long, searching phrases such as "Michelle Obama Topless" or "Michelle Obama Topless Video", to find spam comments linking to sites that host these types of malware. It seemed that in order to get out of the cycle with the malware site, I had to do a Ctrl-Alt-Delete and end the Internet Explorer process from Task Manager. It was an infinite loop and could not be closed any other way. Upon trying the link again, it seems to be a random redirection every time you visit that site; the next time I went there, I had a scare message pop up telling me:

[Screenshot: scareware "you are infected" message]



As you can tell, this [intlink id="3397" type="post"]pops up with scareware[/intlink] instead of the video and tries to tell you that you have a virus and should run a free scan from the site of their choice. This is an old tactic that is still being used, but it is funny if you look at that message: one, you know it is from a "Webpage", and two, there is at least one grammar error. Can you see it?

Your best bet is not to go clicking on links that people have left in comments. I am so glad I have moderation turned on and have to approve each and every comment someone posts. This is the only way I know to keep my site from being used in the spam campaign. Remember, it is time to update your [intlink id="2205" type="page"]anti-virus and firewall[/intlink] if you don't already have them. Don't forget to visit the forums and help discuss this problem in detail.
Saturday, March 14, 2009

Malicious Spammers target Bank of America

I've seen two different security firms talking about Bank of America, and I wanted to share it with you:

[Screenshot: fake Bank of America site, picture from F-Secure]


The two are F-Secure and PandaLabs, who are writing about a fake Bank of America site and how the spammers behind it try to get you to install malware. With Adobe having just sent out new updates last month, it looks like the spammers are using a fake "Adobe update" as the lure to get people to install malware.


This spam has also been seen floating around on Facebook. So if you get a link to a site you don't know, supposedly to watch a video, and it says you need a codec or an Adobe update, you should turn right around and leave the site. You should always type in the URL of your bank yourself and never go there through links.


From what they are saying, it monitors network traffic and steals ICQ, POP3, and IMAP passwords. If you find network traffic going to a Hong Kong IP, then it is time to make sure you have an anti-virus and a firewall installed and that all your virus definitions are up to date. I would encourage users to report the site to PhishTank so that any other unsuspecting person going to it will be warned.