Four Ways Your Computer Gets Infected and Why Not Even Symantec Can Save You

December 13th, 2011 by William Reyor

Installing software directly from an untrusted source:

  • uTorrent
  • BitTorrent
  • Shareaza
  • BitComet

When users download software from file-sharing networks (such as those mentioned above), they have no way to verify that the software they are downloading does not also contain malware, adware, rootkits, or viruses.

Many users believe that simply having updated antivirus software will protect them, but this is false.

Antivirus software can only protect you from known threats. If an antivirus company has never received a sample of a particular piece of malware, or has not yet released a signature/definition update for it, you will be unknowingly infected.

Installing “free” software which contains “Greyware”

  • Free screensavers
  • Free desktop pictures
  • Free weather reports and alerting
  • Free toolbars

Getting something “free” is an idea that can motivate rational people to do irrational things. We see this especially when users start to personalize their desktop computers with screen savers, photo applications (such as Webshots), weather applications (such as WeatherBug) and similar free applications. In a frenzy to get these applications installed, many users don’t realize they’ve also installed bundled tracking software and toolbars.


Enjoy the spam: The developers of this type of software generate profit by collecting and selling your information.

To make matters worse, these toolbars and tracking programs are often poorly written and poorly controlled. By exploiting weaknesses in this poorly controlled ecosystem, malware writers are able to push malicious software directly to your computer.

Nothing is free, not even the free stuff. Even without the inherent vulnerabilities created by installing this type of software, your information is still being bought and sold.

Digital Drive-By: The mystery infection

  • Adobe Reader
  • Adobe Flash
  • Foxit PDF reader
  • Firefox
  • Internet Explorer
  • Java

When users accidentally install a malicious program or file, they typically understand right away what happened and what caused the infection. It’s a simple matter of “I clicked on this, and now my computer doesn’t work.”

Drive-by infections are a different beast entirely; they work by exploiting a known or unknown vulnerability in your Internet browser or in a plug-in loaded by your browser such as Java, Adobe Reader, and Flash.

These infections can come from trusted websites, newsletters, and emails. This is because the way web advertisers publish their advertisements to websites is currently poorly controlled. Cybercriminals will often go to great lengths, setting up entirely fictitious companies to trick the advertising agencies into thinking the advertisements are legitimate when in fact they are not. We find this type of infection to be by far one of the most prevalent.

Cons & Social Engineering

We all like to believe that we’re smart enough not to be duped or conned into giving away our information or installing malicious software on our own computers. The fact is, however, that spammers, scammers, and hackers use cons and social engineering because it is by far one of the easiest methods to control your behavior.

Don’t believe us? Try this simple 10-question phishing test by our partner SonicWALL.

Did you get even one question wrong? Congratulations, you’ve just been infected: all your personal information has been compromised and your computer is now a drone in some cybercriminal’s botnet.

Prevention: The Do’s and Do not’s

  • Do install the latest updates for Microsoft, Flash, Adobe, and Firefox
  • Do use antivirus software and make sure it’s up to date
  • Do back up your files regularly
  • Do create a separate non-administrator account on your computer to take care of your normal day-to-day tasks
  • Do not ever download software from untrusted sources
  • Do not install ad-supported freeware
  • Do not let your guard down
  • If there’s ever a question about whether an email is legitimate, take the two minutes and call the company or person who sent it to verify
  • Cons and cybercriminals exploit our natural good-natured personalities to our detriment

One Response to “Four Ways Your Computer Gets Infected and Why Not Even Symantec Can Save You”

  1. Mike Sharek says:

    Good stuff Bill. I’ll be sure to share with others.

    -Shrek
