what is the easiest/best way to get infected ?

Discussion in 'malware problems & news' started by Long View, Sep 12, 2008.

Thread Status:
Not open for further replies.
  1. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Everyday I read posts by people who say " I have been using XYZ AV, AS whatever for the last 75 years and it has always protected me "

    well I don't have any software firewall, no realtime av, no antispyware programs, no hips...... and yet I have never been infected nor had my personality stolen.

    So - without cheating - what is the best way to get infected ? The only rules are that (1) the method of getting inected must be normal i.e general surfing, downloading etc -- the sort of thing that an ordinary user might be expected to do. (2) I won't turn off my hardware firewall and (3) I will continue to use Firefox and noscripts.
     
  2. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    for what experienced i noticed that most of the people that says they get infected from p2p downloads or games on the net and file sharing in hotmail messenger and emails with infected attachments.also chats like yahoo.
     
  3. virtumonde

    virtumonde Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    501
    Nice post :) .I'm waiting to see the methods also.
    Since u will use No Script i think browser infection are off.
    I can't think now only at running an infected .exe.Let'say from a warez site.
    Not sure if u consider that normal,but many people do.
    Also some IM(yahoo,probably other clients also) kiddies are possible.I've seen them.
     
  4. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    I would have to say downloading screen savers from various unknown sites and a good chance of malware piggy backing.
     
  5. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    now the best way to avoid getting infected is to lockdown systems preventing any changes to system or regs:thumb: blocking some file extentions may also help to achieve your gold of not getting infected.:thumb:
    note:for those who use malware defender they could use the silent mode and only
    allow aproved programs and denny the rest, the unknown.
     
  6. ambient_88

    ambient_88 Registered Member

    Joined:
    Jun 23, 2008
    Posts:
    854
    I guess you could open up a P2P application and start downloading random stuff (software, music, etc.). At the same time, you can visit warez/porn sites, MySpace, and other sites where there are lots of social networking going on.
     
  7. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    Not to forget USB devices...they often carry worms.
     
  8. virtumonde

    virtumonde Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    501
    If you mean bittorrent (utorrent,azureus) that is safe.Downloading won't get you infected.Running infected application will.
    I download movies and music all day.
     
  9. virtumonde

    virtumonde Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    501
    Yes this looks like a real danger.Will "Disable Autorun"do the trick,or is it not enough?
     
  10. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    what about limewire?
     
  11. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    Generally yes, but if you open that Documents.exe file with a folder icon in the folder Documents...you're infected.
    And if don't show known file extensions is enabled the documents.exe will appear only as Documents.
     
  12. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Downloading and running bunch of "keygens" or "cracks" from random warez sites (or via P2P) or browsing pr0n should do the job really fast. :D
     
  13. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Best way to get infected? Several come to mind.
    • Use a P2P and download executables. Open and launch results that are obviously the wrong apps.
    • Set up a disposable web e-mail account. Yahoo's AV always seems very out of date and is easy to bypass. Post that e-mail address in forums, newsgroups, crack sites, etc. Open whatever shows up.
    • Download software cracks and key generators, then open them.
    • Using a copy of MVPS or another good hosts file as a source, visit the links it would normally prevent you from reaching, especially anything with "CoolWeb... in it.
    I do hope that you're using a dedicated test unit for this, one that contains nothing of value.
     
  14. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    Another thing...

    Regarding P2P, you can actually get infected also with supposely harmless Mp3 and avi files. Someone I know got a few of those some time ago, they mp3 where detected as Trojan.Win32.WMA downloader and avi as Trojan.Win32.GetCodec or something similar, don't remember exact names, so not only executables are dangerous.
     
  15. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    One of the best ways to get infected...go surf some pr0n and when you end up having to download a codec to view clip.....bam you are hosed:D

    Quick need pr0n...whats this codec...yes need pr0n...download codec to view....Ohnoes!!!112 Cyberclap ineffect for not practising safe hex:p
     
  16. virtumonde

    virtumonde Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    501
    I remember long time ago in my first days of using bittorrent i've downloaded(something sensational i thought at that time) a "Britney Spears etc..."which was described as a movie.The File had a movie icon(Media Player Classic is associated with it on my pc),but it was an .exe.I didn't notice when i unpacked it.I don't know how it was made.Luckily i used an AV which stopped it when i open it.
    Also i've seen and this can happen with every download,trojan launched when i unpacked the .rar file ,without running what was inside.This certainly was concerning.
     
  17. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,150
    Location:
    Mass., USA
    I recall a survey dealing with attack vectors some time ago, and the results were rather predictable.
    Overwhelming majority (+/-90%) of infections were via infected email attchments.
    Second source (+/-10%) were via DLs of nasties.
    Note: This was a survey in business environments, hence no P2P / file sharing threats reported.
     
  18. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    Lol there should be an official thread somewhere with a whitelist of safe porn websites...you can already get combinations of the porn and youtube words:D
     
  19. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Easy ways to get infected:

    1.- USB drive infected with autorun.inf
    2.- P2P, specially if you download cracks and warez, but sometimes mp3 are infected.
    3.- Since you are using Firefox and NoScript, browsing is less likely to infect you, but if you try to watch some video and it asks you to download a codec, that's a pretty easy way to get infected.
    4.- Related to "3": you get an infected attachment, download it and execute it (nowadays they use the youtube-like video and you hit play but are really clicking to a .exe path)
    5.- Instant Messaging worms

    In the past, I've been hit with 1, 2 & 5.
     
  20. Dogbiscuit

    Dogbiscuit Guest

    Make sure your software hasn't been updated in a while.

    Most people who get infected while surfing use IE (not fully patched).

    Installing codecs as mentioned above will almost surely lead to your system becoming compromised.
     
  21. Hiker

    Hiker Registered Member

    Joined:
    Nov 23, 2007
    Posts:
    268
    How does a USB get infected with an autorun.inf? Also, will a AV/AS scan of a .zip or .rar let you know if it's infectted before opening?
     
  22. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Thanks - quite a list. The main connection that I see linking each of the methods is that they are all essentially voluntary. If you don't go to warez that is one possibility off the list. If you don't open attachments from unknown sources and your mail provider checks them first that's another off the list.

    Athough I have a number of machines working at any time I hadn't realised just what I was missing. I think I can live withou p2p, messeger chat and the rest.
     
  23. Pseudo

    Pseudo Registered Member

    Joined:
    May 4, 2008
    Posts:
    193
    Tons of exeuctables on the Gnutella network are infected... they're easy to spot, too. :p
     
  24. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    cracks and warez are the easiest way.
    i was given this task at college on some test machines.
    at the end we installed the lastest antimalware tools.
    nothing was found. that is until i started clicking the .exe files
    the best searchs are like "nero serial code" etc.
    or better still get a windows xp cd without any service pack and get hit by the blaster worm:D
     
    Last edited: Sep 12, 2008
  25. ruinebabine

    ruinebabine Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    1,097
    Location:
    QC
    Hoax Warnings.

    Feel free to correct me/them (we're not talking of codecs here, isn't it).
     
Loading...
Thread Status:
Not open for further replies.