what is the easiest/best way to get infected ?

Everyday I read posts by people who say " I have been using XYZ AV, AS whatever for the last 75 years and it has always protected me "

well I don't have any software firewall, no realtime av, no antispyware programs, no hips...... and yet I have never been infected nor had my personality stolen.

So - without cheating - what is the best way to get infected ? The only rules are that (1) the method of getting inected must be normal i.e general surfing, downloading etc -- the sort of thing that an ordinary user might be expected to do. (2) I won't turn off my hardware firewall and (3) I will continue to use Firefox and noscripts.

 

for what experienced i noticed that most of the people that says they get infected from p2p downloads or games on the net and file sharing in hotmail messenger and emails with infected attachments.also chats like yahoo.

 

Nice post .I'm waiting to see the methods also.
Since u will use No Script i think browser infection are off.
I can't think now only at running an infected .exe.Let'say from a warez site.
Not sure if u consider that normal,but many people do.
Also some IM(yahoo,probably other clients also) kiddies are possible.I've seen them.

 

I would have to say downloading screen savers from various unknown sites and a good chance of malware piggy backing.

 

now the best way to avoid getting infected is to lockdown systems preventing any changes to system or regs blocking some file extentions may also help to achieve your gold of not getting infected.
note:for those who use malware defender they could use the silent mode and only
allow aproved programs and denny the rest, the unknown.

 

I guess you could open up a P2P application and start downloading random stuff (software, music, etc.). At the same time, you can visit warez/porn sites, MySpace, and other sites where there are lots of social networking going on.

 

Not to forget USB devices...they often carry worms.

 

If you mean bittorrent (utorrent,azureus) that is safe.Downloading won't get you infected.Running infected application will.
I download movies and music all day.

 

Yes this looks like a real danger.Will "Disable Autorun"do the trick,or is it not enough?

 

what about limewire?

 

Generally yes, but if you open that Documents.exe file with a folder icon in the folder Documents...you're infected.
And if don't show known file extensions is enabled the documents.exe will appear only as Documents.

 

Downloading and running bunch of "keygens" or "cracks" from random warez sites (or via P2P) or browsing pr0n should do the job really fast.

 

Best way to get infected? Several come to mind.

• Use a P2P and download executables. Open and launch results that are obviously the wrong apps.
• Set up a disposable web e-mail account. Yahoo's AV always seems very out of date and is easy to bypass. Post that e-mail address in forums, newsgroups, crack sites, etc. Open whatever shows up.
• Download software cracks and key generators, then open them.
• Using a copy of MVPS or another good hosts file as a source, visit the links it would normally prevent you from reaching, especially anything with "CoolWeb... in it.

I do hope that you're using a dedicated test unit for this, one that contains nothing of value.

 

Another thing...

Regarding P2P, you can actually get infected also with supposely harmless Mp3 and avi files. Someone I know got a few of those some time ago, they mp3 where detected as Trojan.Win32.WMA downloader and avi as Trojan.Win32.GetCodec or something similar, don't remember exact names, so not only executables are dangerous.

 

One of the best ways to get infected...go surf some pr0n and when you end up having to download a codec to view clip.....bam you are hosed

Quick need pr0n...whats this codec...yes need pr0n...download codec to view....Ohnoes!!!112 Cyberclap ineffect for not practising safe hex

 

I remember long time ago in my first days of using bittorrent i've downloaded(something sensational i thought at that time) a "Britney Spears etc..."which was described as a movie.The File had a movie icon(Media Player Classic is associated with it on my pc),but it was an .exe.I didn't notice when i unpacked it.I don't know how it was made.Luckily i used an AV which stopped it when i open it.
Also i've seen and this can happen with every download,trojan launched when i unpacked the .rar file ,without running what was inside.This certainly was concerning.

 

I recall a survey dealing with attack vectors some time ago, and the results were rather predictable.
Overwhelming majority (+/-90%) of infections were via infected email attchments.
Second source (+/-10%) were via DLs of nasties.
Note: This was a survey in business environments, hence no P2P / file sharing threats reported.

 

Lol there should be an official thread somewhere with a whitelist of safe porn websites...you can already get combinations of the porn and youtube words

 

Easy ways to get infected:

1.- USB drive infected with autorun.inf
2.- P2P, specially if you download cracks and warez, but sometimes mp3 are infected.
3.- Since you are using Firefox and NoScript, browsing is less likely to infect you, but if you try to watch some video and it asks you to download a codec, that's a pretty easy way to get infected.
4.- Related to "3": you get an infected attachment, download it and execute it (nowadays they use the youtube-like video and you hit play but are really clicking to a .exe path)
5.- Instant Messaging worms

In the past, I've been hit with 1, 2 & 5.

 

Make sure your software hasn't been updated in a while.

Most people who get infected while surfing use IE (not fully patched).

Installing codecs as mentioned above will almost surely lead to your system becoming compromised.

 

How does a USB get infected with an autorun.inf? Also, will a AV/AS scan of a .zip or .rar let you know if it's infectted before opening?

 

Thanks - quite a list. The main connection that I see linking each of the methods is that they are all essentially voluntary. If you don't go to warez that is one possibility off the list. If you don't open attachments from unknown sources and your mail provider checks them first that's another off the list.

Athough I have a number of machines working at any time I hadn't realised just what I was missing. I think I can live withou p2p, messeger chat and the rest.

 

Tons of exeuctables on the Gnutella network are infected... they're easy to spot, too.

 

cracks and warez are the easiest way.
i was given this task at college on some test machines.
at the end we installed the lastest antimalware tools.
nothing was found. that is until i started clicking the .exe files
the best searchs are like "nero serial code" etc.
or better still get a windows xp cd without any service pack and get hit by the blaster worm

 

Hoax Warnings.

Feel free to correct me/them (we're not talking of codecs here, isn't it).