How do people get infected with malware and trojans and keyloggers and the like?

Discussion in 'malware problems & news' started by Cyber Curious 2, Jul 30, 2009.

Thread Status:
Not open for further replies.
  1. Cyber Curious 2

    Cyber Curious 2 Registered Member

    Joined:
    Jul 7, 2009
    Posts:
    6
    I was reading this thread in this forum:

    https://www.wilderssecurity.com/showthread.php?t=248475

    and I was wondering if a person doesn't visit adult sites or doesn't do any other type of risky internet activity(torrents, etc.), then how do people get infected with malware and trojans and keyloggers and the like?

    And is there anything that people like the person in the other thread that was mentioned can do to protect their computers from being infected?
     
  2. Cyber Curious 2

    Cyber Curious 2 Registered Member

    Joined:
    Jul 7, 2009
    Posts:
    6
    Also, I am familiar with common security precautions such as a firewall, realtime anti-virus, other realtime anti-malware programs, and on demand malware scans, as I'm sure the person in the other thread that I had mentioned was, but yet some people still get infected.
     
  3. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,222
    Reading what people have been experiencing at Wilders, one has to be careful with mail attachments (particularly executables), compromised sites (they are legitimate, but infected), and when people download cracked versions of games and applications which come most of the time with malware (a situation where users get what they deserve).

    As far as keyloggers, I would be very careful about the physical access to my machine, sometimes friends of my friends are not necessarily my friends.

    Generally for malware to infect your computer, it has to execute first. Hence knowing (or trusting) your source, and downloading into a sandbox/ virtual volume is probably one way to check if there is any malicious activity.
     
  4. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    You know, there seems to be a mindset out there that "risky surfing=infections". As time has gone on, I'm finding quite the opposite. These days it's about social engineering/phishing. It's honestly MUCH less work for the bad guys to trick you into handing over your data than it is to try to intercept and steal it with keyloggers...it's also much easier to do. You see, the general public gets the idea of viruses and such, honestly, they do.

    What they don't yet get is not believing everything they read. That right there is the hard part for security researchers and experts. A virus/trojan and adware have one general thing in common, they make themselves known one way or another, subtle as that indication may be. Whether it be a strange outbound connection, sudden sluggishness, pop-ups, whatever, there are signs. When someone gets an urgent email from a perfectly forged email address with a professional looking website to please log in to this or that account, there are also signs...after the damage has been long done.

    Viruses, malware, all that I believe will eventually fade away, replaced by the easier, cheaper, less risky for the bad guys method of scamming your pockets dry instead of "pickpocketing" you by way of keyloggers and such. That's my own opinion though.

    To answer your question, as far as getting infected even when surfing safely, it's all about browser security/configuration. That means not allowing scripts to run freely, making sure you get all the patches released, updating any and all plugins like Flash and Java. A secure and properly configured browser will keep you just as safe as any HIPs, sandbox, antivirus and anti-malware application.
     
  5. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    ^^ agree with this 100%

    If part of your daily browsing includes using social networking sites ... Facebook, Myspace, Twitter, Bebo, Live Journal, Last FM, etc, or video sharing sites such as Youtube ... I think you have to be on your guard and do not go willy nilly clicking links to external websites, video clips, etc. The recent Michael Jackson death for instance.

    Another scam to be aware of is the amount of fake Anti Virus' and computer security tools that appear in Google/Yahoo sponsored adverts. Almost every top rated security tool out there has a scam twin just waiting to rip you off or wreck your computer.

    There are several free tools that can help protect you though.

    WOT - "WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free." http://www.mywot.com/


    Sandboxie - Sandboxing your browser from malware (freeware)

    * Secure Web Browsing: Running your Web browser under the protection of Sandboxie means that all malicious software downloaded by the browser is trapped in the sandbox and can be discarded trivially.

    * Enhanced Privacy: Browsing history, cookies, and cached temporary files collected while Web browsing stay in the sandbox and don't leak into Windows.

    * Secure E-mail: Viruses and other malicious software that might be hiding in your email can't break out of the sandbox and can't infect your real system.

    * Windows Stays Lean: Prevent wear-and-tear in Windows by installing software into an isolated sandbox.

    Sandboxie is much touted on Wilders, and for good reason, practically no one has cracked it's protection! A must have, IMO http://www.sandboxie.com/

    OpenDNS - This is much the same as WOT, except you do not get the visual warning/rating for each site before entering. OpenDNS simply won't let you enter known dangerous websites. OpenDNS can also be used on a childs computer to prevent them entering adult websites. http://www.opendns.com/ (free service)

    • There is a good guide here as to how to secure your PC.

    • A good guide to current Anti Virus software here

    • Firewall guide here

    • Spyware/Malware scanners here

    • Great list of freeware security tools, by Wilders member Ako here

    Tally Ho
     
  6. Cyber Curious 2

    Cyber Curious 2 Registered Member

    Joined:
    Jul 7, 2009
    Posts:
    6
    Alot of good stuff here. Thanks for all the info everyone.
     
  7. CogitoTesting

    CogitoTesting Registered Member

    Joined:
    Jul 4, 2009
    Posts:
    901
    Location:
    Sea of Tranquility, Luna
    My friend you do not even have to visit the sites that you referred to. A good website could be hijacked and loaded with drive-by download malware; and anyone who ventures to its URL could be a potential victim if that person does not adequate protection.
     
  8. ASpace

    ASpace Guest

    An example >>> http://www.youtube.com/watch?v=1roTgk_SrMw&feature=fvsr
     
Loading...
Thread Status:
Not open for further replies.