More often than not, the first question people ask me when I tell them their computer is infected is ‘How did it get on there?’
Usually it’s a question with no obvious answer, although most of the time one of the following 5 methods will have been the route of infection.
Infection route 1: Malicious email attachment
In the past, the senders of email based viruses weren’t particularly inventive. An email with the message ‘Hey, check this’ and the attachment ‘AnnaKournikova.jpg.vbs’ was enough to infect millions of computers back in 2001. Very few internet users would fall for such an obvious scam message today.
Modern email viruses try to look like they come from legitimate businesses like Amazon, Google, Apple, Microsoft, PayPal, eBay, banks or government agencies. Recently, millions of people were sent an infected email pretending to be from HMRC with the message along the lines of ‘you are entitled to a tax rebate, complete and return this form.’ The email itself was an exact duplicate of a genuine HMRC email and thousands of people opened the attachment and were infected.
Another technique, used increasingly, is the ‘shocker’ email, which is designed to overcome the reader’s natural suspicion by giving them information intended to unbalance or panic them. An example of this was an email purporting to be from Amazon thanking the user for their £2000+ order; ‘your invoice is attached’, the email says, but the attachment is a virus. As with the HMRC email, the text, images and layout were almost identical to a genuine Amazon confirmation email.
What to look out for:
Most infected attachments come in as zip files or other compressed formats. If the attachment ends with .zip, .rar, .tar, .7z or another compressed format, be very suspicious and ideally confirm the contents with the sender before opening.
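A small filename check that applies the two warning signs described above (the double extension of the AnnaKournikova example and compressed attachments). This is an added example, not code from the original article; the extension lists are constructed and deliberately not exhaustive.

```python
# Extensions Windows will run directly when double-clicked (constructed list, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif",
                   ".vbs", ".js", ".jse", ".wsf", ".hta", ".msi"}
# Compressed containers the article says to treat with suspicion.
ARCHIVE_EXTS = {".zip", ".rar", ".tar", ".7z", ".gz", ".tgz"}
# Harmless-looking extensions that get placed in front of a real executable one.
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx", ".txt"}


def attachment_flags(filename):
    """Return a list of reasons the attachment name looks suspicious (empty = none found)."""
    name = filename.lower().strip()
    parts = name.split(".")
    # Every dotted part after the base name is treated as an extension.
    exts = ["." + p.strip() for p in parts[1:]]
    flags = []
    if not exts:
        return flags  # no extension at all: nothing to judge from the name alone
    last = exts[-1]
    if last in EXECUTABLE_EXTS:
        flags.append("executable extension " + last)
        if len(exts) >= 2 and exts[-2] in DECOY_EXTS:
            # e.g. something.jpg.vbs: shown as a picture, run as a script
            flags.append("double extension: looks like " + exts[-2] + " but runs as " + last)
    if last in ARCHIVE_EXTS:
        flags.append("compressed archive " + last + ": confirm contents with the sender")
    return flags
```

The check only looks at the name; it is a first filter before scanning the file itself, not a substitute for it.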
Infection route 2: Fake browser plug-ins
Some websites require specific plug-ins to display properly. Users have become used to being prompted to install things such as Shockwave, Flash or Java so that a website displays properly, or to load a plug-in to play an online game. When a website tells a user that a plug-in is required to display a video, that message is not in itself immediately suspicious; however, many computers are being infected by users downloading and running fake plug-ins.
There are a few ways intended victims are lured to the website containing the fake plug-in, but the most common way is by links appearing on internet forums, discussion boards or social media with a link to some ‘must see’ video: “7 year old kid can play like Messi” “Drunk Miley Cyrus completely loses it with photographer,” “Woman catches husband cheating – You won’t believe what she does next!!!” etc.
Generally the title is tailored to the target audience of the site to maximise the chances of someone clicking on the link. Once they do, they’re informed that they need a plug-in to watch the video and, if they agree, the virus gets downloaded onto the computer.
What to look out for:
Be very suspicious of any website that informs you that you need a download to view a video. If the plug-in you require is a well established one, go to the official website of the program and download the plug-in from them.
Also, check the address bar of your browser to see if it matches the logo or description of the site you are supposed to be on. For example, many websites spoof the YouTube logo and layout, but they can’t spoof the address bar, so any address claiming to be YouTube that doesn’t start with http://www.youtube.com should immediately ring alarm bells.
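The address-bar check above, written as code. This is an added example, not part of the original article, and it goes slightly beyond the text: rather than testing whether the address starts with http://www.youtube.com, it parses the URL and compares the actual hostname, so a look-alike site that merely embeds the real name somewhere in its address does not pass. The expected domain and the sample addresses are constructed.

```python
from urllib.parse import urlsplit


def hostname_of(url):
    """Return the lower-cased hostname part of url, or None if it has none."""
    try:
        host = urlsplit(url).hostname
    except ValueError:  # malformed URL (e.g. broken IPv6 brackets)
        return None
    return host.lower().rstrip(".") if host else None


def is_site(url, expected_domain):
    """True only if the URL's hostname is expected_domain or a subdomain of it.

    The comparison is made on the parsed hostname, not on a string prefix, so
    'www.youtube.com.example.test' or a path or query that merely contains
    'www.youtube.com' are both rejected.
    """
    host = hostname_of(url)
    if host is None:
        return False
    expected = expected_domain.lower()
    return host == expected or host.endswith("." + expected)


def address_bar_verdict(url, expected_domain):
    """Plain-language result of the check, as a user would want to read it."""
    host = hostname_of(url)
    if is_site(url, expected_domain):
        return "ok: page is served from " + host
    return "warning: address bar shows %r, not %s" % (host, expected_domain)
```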
Infection route 3: Fake or infected programs
Similar to the fake plug-ins, fake programs work by tricking the user into downloading them and installing them onto their computer. The most common examples of these types of programs, ironically enough, are viruses that claim to be anti-virus and security programs.
Infected programs are a little more subtle because they do actually provide the user with a usable piece of software; however, the user also unknowingly gets the virus as well. The most common types of these programs are file viewers or conversion programs. Normally, these viruses try to stay hidden and do whatever they were designed for without the user knowing, for example sending out spam emails or participating in botnet attacks.
The most common method that the creators of these types of virus use is to create a website with downloads of their fake or infected programs and then put banner ads on other websites to lure victims in. These websites are designed to look legitimate and often use excellent SEO to get them – at least temporarily – onto search engines like Google and Yahoo. Another increasingly common method is to infect legitimate websites and use them to host the links to the viruses.
What to look out for:
Before downloading a program you haven’t heard of, try searching for reviews of it on a search engine. Don’t trust the reviews on the download site: if the program is fake, then the reviews on that site are going to be fake as well. When downloading a program, always save it and scan it with an anti-virus package before installing it, rather than allowing it to download and run automatically.
Infection route 4: File sharing websites
When most people hear the words ‘file sharing’ they immediately think of sites like The Pirate Bay, however many file sharing websites have no copyrighted material and are simply sites where people can share programs, art, literature, music, or other material they’ve created themselves with other web users. Regardless of whether the download is breaching copyright or not, there is a possibility that the download is, or contains, a virus.
The methods for luring in victims use some of the elements of plug-in and fake program types of virus. Links to viruses disguised as fan fiction, game mods, original music or ‘unseen footage’ of celebrities are often posted on fan sites or online communities. Also, since many large file sharing sites have a search feature, it is possible for someone just to upload a virus that they claim is a genuine piece of software, music, video or other media and let unsuspecting visitors to the site find and download it themselves.
What to look out for:
Many file sharing sites have feedback, comments or reporting systems; check these out. If a file has been on a website for months, has been downloaded a lot and nobody has reported it as either fake or a virus, it is probably safe to download (scan it before running it anyway). If nobody wants to download it, or if people are saying it is fake or a virus, you’d probably be best to avoid it. If the link to a file is on a forum or message board, ask whether any other user has downloaded the file and what they thought of it; they’ll soon tell you if it was a virus.
Infection route 5: Out of date software
Virus creators are always looking for ways to get into your computer, and as people become more internet savvy and security conscious the task of tricking the user into downloading or opening something becomes more difficult. Rather than trick the user, they attempt to trick the software to allow viruses into the computer.
In the past year, exploits of popular software packages like Adobe Reader and Java have led to millions of computers being infected with Trojans, rootkits and viruses. These exploits can be rectified with updates from the software developers; however, users who do not update their software remain vulnerable to them.
With Windows XP soon to be unsupported, some security experts believe that XP could become a virus writers’ paradise.
What to look out for:
The only thing you can do is keep your software up to date. It’s really that simple. It is usually possible to automate the update process so keeping your software up to date is fairly easy for most programs. If you don’t want to automate the process, keep a schedule to update your software manually, particularly Windows, Microsoft Office, Java, and Adobe Reader, Acrobat and Flash.
There are many ways that the creators of viruses will attempt to get them onto your computer, so hopefully the information above will help you spot them. I’ll leave you with three pieces of advice that should help you lower the chances of your computer getting infected.
1. If it looks too good to be true, it probably is.
2. If you think there’s something dodgy about an attachment, link or download, there probably is.
3. If you think the information on a webpage is trying to trick you, it probably is.