Just how do you people manage to get malware?

Please tell me, how you fellas manage to get malware, spyware and all those of that kind? I mean you're posting here so you must be at least aware of them right?

Here I see so much being focused on these stuff these days, and yet I wonder why I don't get them.

Just exactly what do you people do to get them? I would really like to know.

Do you open nasty emails? Install a lot of unknown software? Hmm..

OK tell me some stories!

 

Where are you looking?

sans.org keeps up with malware attacks and you can get URLs from their diaries. The drive-by downloads targeting IE6 browser vulnerabilities are the most interesting to test. Unfortunately, none like that work in Opera.

These are becoming less prevalent, since IE7 has pretty much closed up the old vulnerabilities, so that newer malware is targeting plugins.

Nasty emails are no longer a source for me -- my ISP's AV and Spam filters prevent any interesting stuff from coming in.

Watch the tech blogs. I've seen several Flash exploits discussed, but can't get them to work on my system, since I have an older version of Flash, and the current exploits target the newer versions.

However, they are often packaged with other exploits such as I-frame. Here is an example. At the time of the writing, the links were still active, but now dead. You have to be quick because these days, links are often taken down in short order:

Another example of malicious SWF
http://isc.sans.org/diary.html?storyid=4477

Sometimes in gpack or mpack packaged exploits you find four or five exploits, each looking for a different vulnerability.

Another source is the DSLR Security forum -- I've found .pdf exploits discussed there in the past. Recently there were several WinAntivirus threads with a few live exploits that were interesting to watch. They aren't drive-by of course, but you can step through them and see how some people get tricked into believing a fake scan.

Others may have suggestions where you can find malware.


---

 

Downloading stuff from websites reported as dangerous by services such as wot, siteadvisor etc., looking for cracks on google, downloading stuff on hacking forums etc.

 

Everything mom said not to do,basically having sex with the PC in a really high bandwidth fiber optic way

 

Hello,

Most people do this:

1) Download a crack for program xyz - or something along the line - install this thing and then complain about the results...

2) Go to a website using IE, click yes on every prompt they receive and then complain about the results ...

Mrk

 

I will add Screen savers since it is another way by pigy backing malware,spyware,adware.

 

E-Z! Get 'click happy*'! Turn off any security you have on your puter..
That'll do it!

*Clk on ANY thing that says 'click', 'download now', FREE!, Trial!, choose Yes on any box you see, clk on any url embedded in a site, open any email you get, etc. etc. etc.

It won't take long!!

 

LOL,Yep just click a your computer has been infected scan now or simply close the window box and bang.congrats you just installed Antivirus 2009

 

I agree crack & pr0n sites are just a couple of ways that users fall headlong into then it's too late most the time even for the best AV on the planet. Those programmers of severe malware looking to create maximum disruption on the Windows platform have the blueprint they need to skip along freely year after year on these systems. But these are mostly a users gamble infection IMO.

What troubles me most is the make up of the internet itself since servers seem to be easily infiltrated and exploited even at the datacenter points in some cases.

Then theres the windfall objective; malware + windows own open door policy of available code thru extentions, executables, and API etc. equates to expanding the security business globally.

If theres no malware, moreover, if theres no avenue (O/S) for disrupting code, programs, etc. to enter and cause changes to the windows platform then there is no market for either malware or the security business. In effect, like a private telephone line, only a closed line of communication (internet) + (system) can systematically reduce those chances of forced intrusion, and it can't happen because the global community is too far along in this day to day operation of open marketing IMO.

 

There's many ways to get infected. Most of them are the fault of the user, something they opened, downloaded, clicked on, etc. Some of it uses vulnerabilities in applications like the browser or media player to get installed.

Except for the more "in your face" adware, it's seldom obvious that your PC is infected. Many PCs are infected and their users don't know it. AVs don't catch everything. Some malware can't be seen by an AV once it's installed.

 

IMO, this thread is a clone of this one:

what is the easiest/best way to get infected ?

 

Well, he doesn't use the word "infected" and he specifically addresses people at Wilders, not people in general:

So I assumed he was interested in how people at Wilders get malware for testing, because, of course, no one who frequents Wilders gets infected, right?

---

 

Oh I see.
In that case:
-check your SPAM folder, and look for attachments or for links.
-download cracks, keygens from torrents or p2p
-use IE6 and just click on EVERYTHING, starting from a porn site or a cracks site.

Also they are malware databases, but it's against the rules to post them here or use PM's, so don't ask.

Be sure to know what you are doing and have a good backup.

 

It's easy for me on test machines: no Windows update, IE6, search for pr0n, warez, etc, and download blatant malware from P2P. MalwareBytes' forums and Sunbelt's blog are also particularly good for vundo and zlob codecs.

 

I wouldn't know how I'd manage to get infected.
I avoid it.
Part of the reason for being here.
So far so good...

 

Most never get infected, well except for the dreaded cookie. Security vendors need those who look for ways to infect you, just as oil companies need car manufacturers to build cars that get crappy mileage.

Both, at any given time, one could do the other one in if they really wanted to. There are to many experts in the security field for me to ever tihink they can not make a product to make you safe. Hmmm.

 

Exactly! In much the same way Microsoft can't (but can in reality) afford to build an O/S without such limitations enough for clever makers/programmers of malware to affect some entry. In fact, it's been Microsoft's program/policy of this nature (IMO) which is spawned so many global security companies (AV/AS's) and driven even more newer security innovations/developers to what we now experience & enjoy in programs like Virtual Machines, HIPS, Behavioral Blockers, Sandboxes, etc.

A thriving global business which is now on a level that has malware makers on their heels more than at any other time since Windows first popped on the scene.

EASTER

 

Thinks, anti malware/spyware/virus killing software houses have an option to perpetuate business, release viruses .

 

Avoidance is the best defense.

But people who spend a lot of time at websites promoting:

porn
gambling
warez, cracked software

Are usually the most at risk.