This is the third part of the Beware Malware! series. This series will explore the various types of malware and how you as a computer user can avoid them. In the previous post we learned what malware is. In this post, I will try to answer the question “How does a computer get malware?” Volumes could be written about all the types of malware and how they are spread. Common ways that computers become infected with malware include bundled software installations, peer-to-peer networking, drive-by downloads, email attachments, external devices, SEO poisoning, and social networking links.
Bundled software: Developers of free software often sell the rights to bundle other software with theirs; the free software itself may be useful and clean, but the end user may be in for a surprise if he accepts all of the default settings during installation. Bundled software typically installs things like registry cleaners¹ and “optimizers,” toolbars, and security scanners. These extras usually can be unchecked during the installation process, so choose the custom or advanced install option and read each screen instead of clicking Next.
Peer-to-peer networking: Software that connects computers to peer-to-peer (P2P) networks can open them up to malware. In a PCWorld article written in June 2013, Lucian Constantin noted that the number of malware samples that use P2P communications had increased fivefold in the previous 12 months. It also should be noted that many of the files exchanged through P2P (usually illegally) are infected with malware, and often the P2P client software itself is bundled with malware.
Drive-by downloads: Occasionally when browsing the web, a message pops up informing the user that his computer is infected with viruses and offering to remove them for free. Accepting the offer installs rogue “security” software that often renders the computer unusable and then demands payment. That pop-up still needs the user to click; a true drive-by download executes without any user interaction, simply because the user visited the page. Drive-by downloads usually work in three ways:
- They exploit vulnerabilities in the user’s web browser and/or plug-ins.
- They are served through websites. Some of these sites are set up by criminals, while others are legitimate websites that have been compromised. A site may serve malware for a long time without the site’s administrator even knowing about it.
- They are served through advertising networks. Website administrators rarely place ads directly on their sites; the space is sold to an advertising network that places the ads. No reputable ad network knowingly sells ad space to cyber criminals, but sometimes things slip through the cracks.
Email attachments: Have you ever received a random email that purportedly was from UPS or FedEx? The email probably had an attachment supposedly containing information about a package, and if you open that attachment you will be in for a nasty surprise. Unexpected email attachments always should be treated with suspicion, even when the message appears to come from a company you know.
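To make the “package notice” trick concrete, here is an added example (my own code, not part of the original post or any vendor tool) that parses a raw email with Python’s standard library and lists the reasons each attachment deserves suspicion: an executable extension, a decoy double extension such as Invoice.pdf.exe, an Office format that can carry macros, an archive that a gateway scanner may not open, and a mismatch between the declared type and the file’s real signature. The sample message, the sender address and the attachment bytes are all constructed for the example; the “executable” is just a fake MZ header, not a real program.

```python
"""Triage the attachments of a raw email message (added example, not from the post)."""
from email import message_from_string, policy
from email.message import EmailMessage

# Extensions Windows will run directly or through the shell; a "document" using one is suspect.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".jse",
                   ".vbs", ".vbe", ".wsf", ".hta", ".msi", ".lnk", ".jar", ".ps1"}
# Office formats that can carry macros (.doc/.xls are the legacy binary formats).
MACRO_EXTS = {".doc", ".xls", ".docm", ".xlsm", ".pptm"}
# Containers that mail gateways may not unpack, often used to wrap the real payload.
CONTAINER_EXTS = {".zip", ".rar", ".7z", ".iso", ".img"}
# Innocent-looking middle extensions in "Invoice.pdf.exe" style names.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".txt", ".jpg", ".png", ".xls", ".htm", ".html"}
# Formats that legitimately start with the ZIP signature "PK\x03\x04".
ZIP_BASED_EXTS = {".docx", ".xlsx", ".pptx", ".jar", ".zip"}


def triage_attachments(raw_message):
    """Return one dict per attachment: filename, declared MIME type, size, and reasons to distrust it."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        pieces = name.lower().rsplit(".", 2)          # "ups_invoice.pdf.exe" -> [..., "pdf", "exe"]
        ext = "." + pieces[-1] if len(pieces) > 1 else ""
        inner_ext = "." + pieces[-2] if len(pieces) > 2 else ""
        declared = part.get_content_type()
        payload = part.get_payload(decode=True) or b""
        reasons = []
        if ext in EXECUTABLE_EXTS:
            reasons.append("executable extension")
        if inner_ext in DECOY_EXTS:
            reasons.append("double extension hides the real type")
        if ext in MACRO_EXTS:
            reasons.append("office format that can carry macros")
        if ext in CONTAINER_EXTS:
            reasons.append("archive/disk image container")
        if payload[:2] == b"MZ":                      # DOS/PE header of a Windows executable
            reasons.append("content is a Windows executable (MZ header)")
        if payload[:4] == b"PK\x03\x04" and ext not in ZIP_BASED_EXTS:
            reasons.append("content is a ZIP container despite the name")
        if declared == "application/pdf" and not payload.startswith(b"%PDF"):
            reasons.append("declared PDF but content lacks the %PDF signature")
        findings.append({"filename": name, "content_type": declared,
                         "size": len(payload), "reasons": reasons})
    return findings


def build_sample_message():
    """Construct (offline, for this example) a fake 'package notice' with two attachments."""
    msg = EmailMessage()
    msg["From"] = "UPS Notification <auto-notify@example.invalid>"   # constructed sender
    msg["To"] = "you@example.invalid"
    msg["Subject"] = "UPS Delivery Notification"
    msg.set_content("Your package could not be delivered. Please see the attached invoice.")
    # Constructed payload: a PE-style header plus filler, not a real program.
    fake_exe = b"MZ" + b"\x90" * 62 + b"PE\x00\x00" + b"\x00" * 100
    msg.add_attachment(fake_exe, maintype="application", subtype="pdf",
                       filename="UPS_Invoice.pdf.exe")
    # A harmless attachment whose name, declared type and content all agree.
    msg.add_attachment(b"%PDF-1.4\n% constructed harmless sample\n",
                       maintype="application", subtype="pdf", filename="Tracking_Info.pdf")
    return msg.as_string()


if __name__ == "__main__":
    for finding in triage_attachments(build_sample_message()):
        verdict = "SUSPICIOUS" if finding["reasons"] else "ok"
        print(f"{verdict:10} {finding['filename']} ({finding['content_type']}, "
              f"{finding['size']} bytes): {', '.join(finding['reasons']) or 'no findings'}")
```

Run it and the decoy attachment is flagged four ways while the plain PDF passes. The point for a home user is the same as the post’s: a filename is not evidence of what a file is, and the only attachments worth opening are the ones you were expecting.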
External devices: Devices like USB hard drives and flash drives can be infected with malware. Computers with AutoPlay/AutoRun enabled can be infected simply by plugging such a device in, because Windows reads the autorun.inf file at the root of the device and launches whatever program it names.
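To see what an infected drive actually carries, here is an added example (my own code, not part of the original post) that looks for an autorun.inf at the root of a mounted volume, parses it with a small hand-written reader rather than a strict INI parser (malicious files often contain junk lines), and reports only the entries that cause a program to run (open, shellexecute, and the shell\verb\command form) while ignoring harmless ones such as icon and label. The demo builds a throwaway directory standing in for a USB drive; its autorun.inf and the placeholder setup.exe are constructed for the example.

```python
"""Report what an autorun.inf on a mounted drive would launch (added example, not from the post)."""
import os
import tempfile

# Keys in the [autorun] section that run a program rather than just set an icon or label.
LAUNCH_KEYS = ("open", "shellexecute")


def parse_autorun(text):
    """Return (key, command) pairs from the [autorun] section that would execute something."""
    commands = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue                                    # blank or comment line
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()        # section names are case-insensitive
            continue
        if section != "autorun" or "=" not in line:
            continue                                    # junk lines are common in malicious files
        key, value = (s.strip() for s in line.split("=", 1))
        key = key.lower()
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            commands.append((key, value))
    return commands


def scan_drive(mount_point):
    """Find autorun.inf (any letter case) at the root of a volume and report its launch entries."""
    for entry in os.listdir(mount_point):
        if entry.lower() != "autorun.inf":
            continue
        with open(os.path.join(mount_point, entry), encoding="utf-8", errors="replace") as fh:
            text = fh.read()
        report = []
        for key, command in parse_autorun(text):
            # First token of the command is the program; check whether it ships on the drive.
            target = command.split()[0].strip('"') if command else ""
            present = bool(target) and os.path.exists(os.path.join(mount_point, target))
            report.append({"key": key, "command": command, "target_on_drive": present})
        return report
    return []          # no autorun.inf: nothing for AutoRun to launch


def demo():
    """Build a throwaway 'drive' with a constructed autorun.inf and scan it."""
    root = tempfile.mkdtemp(prefix="usb_")
    # Constructed sample: the icon line is harmless; the open/shell lines would run setup.exe.
    with open(os.path.join(root, "AUTORUN.INF"), "w", encoding="utf-8") as fh:
        fh.write("[AutoRun]\n"
                 "icon=setup.exe,0\n"
                 "label=Holiday Photos\n"
                 "some junk line without an equals sign\n"
                 "open=setup.exe /s\n"
                 "shell\\open\\command=setup.exe /s\n")
    with open(os.path.join(root, "setup.exe"), "wb") as fh:
        fh.write(b"MZ")   # placeholder so the existence check has something to find; not a program
    return scan_drive(root)


if __name__ == "__main__":
    for item in demo():
        where = "on the drive" if item["target_on_drive"] else "NOT on the drive"
        print(f"{item['key']}: {item['command']}  (program {where})")
```

On a current, patched Windows system AutoRun is no longer honored for USB drives, so the file does nothing there, but the check still tells you in seconds whether a found or borrowed stick was prepared to launch something, and it is trivial to run from a non-Windows machine where the program it points to cannot execute.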
SEO poisoning: There are methods that web site administrators can use to make their sites appear higher in search engine results. These methods are known as search engine optimization (SEO). Cyber criminals use the same techniques to make their malware links appear high on a list of search results. This is known as SEO poisoning. These malware links appear in search results for things like free iPads, free mp3s, free screensavers, and news stories about current events. Malware links increasingly are showing up in image search results as well.
Social networking links: Direct links to malware are not limited to search engines. Malware links also can be found through social media. Earlier today as I wrote this post, McAfee’s security blog published an article that demonstrates how one particular Facebook link leads to malware: Search for Lost Malaysian Airliner Can lead to Malware.
There are many ways to get malware, and the effects can be devastating. In the next post we will examine clues that your computer is infected with malware.
¹Registry cleaners and optimizers usually are worthless at best, and they often are harmful. Safe exceptions might include CCleaner and Glary Utilities, but even these should be used with caution.