What is the easiest/best way to get infected?

Discussion in 'malware problems & news' started by Long View, Sep 12, 2008.

Thread Status:
Not open for further replies.
  1. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    Being lazy or careless.
    But none of us would ever be lazy or careless, would we?
    Hugger
     
  2. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Looking for and visiting the many new smitfraud/zlob/vundo sites that pop up around the place, I have to allow the sites through NoScript in order for them to work their trickery.

    Great FF addon but it gets in the way when ya wanna get infected. :D
     
  3. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Attack sites, codecs and cracks.
     
  4. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Easiest way to get infected is to peer into OC's database of malware and run them on your machine, but I highly recommend you never do that with their samples on a production machine you need to use often or conserve data.

    That's the easiest because I do it all the time.

    If you're interested in trying to attract a forced intrusion from the net however, there don't seem to be any limitations to what has already been mentioned above at dodgy sites.
     
  5. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,887
    Location:
    Stockholm Sweden
    I find it interesting that whenever people talk about infections, many mention P2P. They say "don't P2P".
    As if the P2P in itself is the cause of the infection.
    It doesn't just happen here at Wilders, that seems to be a general misconception.
    Where does that come from? P2P isn't the only way to download files.
    I am not even sure that P2P is the most common way to download files (or are there any studies of that?)

    AFAIK the easiest (very common at least) way is to get an infected mail attachment on a Windows admin account, and drive-by download using a browser with JavaScript allowed on an admin account with no or poor firewall/antivirus solution.
     
  6. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Well, that's definitely easy to explain. You'll practically never get infected from "genuine" warez, with original releases spread via private FTP servers with severely limited access. Groups deliberately releasing such stuff would be professionally dead immediately.

    OTOH, once this "trusted", private stuff leaks, people tend to alter the releases (or even fake them altogether) and inject trojans/virii/malware into them (especially into cracks and keygens). Then they spread it via P2P and/or various public websites.

    Contrary to the private FTP sites where members can generally trust each other, that are never open to general public and where getting infected is extremely unlikely, getting access to warez via P2P is extremely easy, but the above is the price you pay for using such untrusted sources.
     
  7. tradetime

    tradetime Registered Member

    Joined:
    Oct 24, 2006
    Posts:
    1,000
    Location:
    UK
    I think that pretty much sums up the real risk on the internet, that being: "The main threat to computer security is the computer operator"
    I'd say, with the exception of being really unlucky (that could take a long time) or possibly surfing sites that are renowned for drive-by virus attacks (am not sure if your firewall can prevent any of these, but FF+NoScript most likely will stop anything browser based) then the only way for you to get infected would be for you to take an active role in infecting yourself, which kind of defeats the whole thing.
     
  8. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    To rephrase this - if people drove their cars the same way they are using their computers, there'd be millions of dead on the streets every day. :rolleyes:
     
  9. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    I agree with you. P2P will not get you infected just by sitting there. But downloading untrusted files is a good way to get infected. In the past (a few years ago, as almost every teenager), I did use Kazaa to search for pirated games, and I got infected many times. Now I still use P2P but I'm careful now and also I've given up on cracks and such stuff. Not a single P2P related infection ever since. Bottom line: P2P is not dangerous, it's how you use it (exactly like cars, fire, guns, etc.)

    Related to this, I always have to smile when people say "my [son/wife/brother/etc] has downloaded Windows Messenger" and get all worried about it... using Messenger is not a guaranteed infection, I have used Messenger since 2001 and have been infected by it just one time, and guess what, IT WAS BECAUSE I CLICKED AN UNSOLICITED LINK. For Messenger, the same Internet rules apply: DON'T CLICK ON EVERY LINK; DON'T ACCEPT EVERY FILE. That's all. People who get infected in Messenger won't be safer by not being allowed to use Messenger: they will find a way to get infected anyways (email, browsing, downloading stuff, etc).
     
  10. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Yes, technically you are right. The infected files are not really mp3. But they appear when you do a search for music and have .mp3 extension. So the bottom line is: you can get infected even if you are just looking for innocent music.
    LimeWire is full of them and there are like 2 or 3 threads here at Wilders about this issue.
     
  11. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,576
    You could visit any or all of the "50 Dangerous Websites" listed on WOT's (Web Of Trust) website.
     
  12. ruinebabine

    ruinebabine Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    1,096
    Location:
    QC
    Fair enough.

    I knew that it was probably what you were talking about by stating "infected mp3". I just felt a need for clarification with all the FUD on music piracy of those days...
     
  13. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    Actually mp3 and avi files can be infected, if some trojan is bound with them. I saw infected mp3 and avi files, which could be played, but were infected with trojan downloaders.
     
  14. ruinebabine

    ruinebabine Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    1,096
    Location:
    QC
    I would really be curious to have a free run on a sample of this. Btw, did you also see some of those trojanized txt files?
     
    Last edited: Sep 13, 2008
  15. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    Take a look at this: http://www.kaspersky.com/news?id=207575664
     
  16. mrhero

    mrhero Registered Member

    Joined:
    Jul 15, 2005
    Posts:
    297
    Location:
    Ankara , Turkey
    Run an unpatched (no service pack) WinXP and connect to the internet. That's all, one minute is enough for being infected with a worm.
     
  17. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    I can think of several ways.

    1) Download games and music from obscure countries. My son-in-law did this several times.

    2) Install free security SW with all sorts of adware in it.

    3) Play with mini CDs that come out of cereal boxes. I did that in days of yore!

    4) My Dell was delivered with dozens of viruses pre-installed but I needed to scan to find them!

    But I have a question for you, how do you know you are not infected with a trojan who is phoning home to the mother ship? Without the outbound FW log you don't know ;)
     
  18. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Do you mean that on-demand programs wouldn't pick this up? Prevx CSI for example? If there is a program that can find a trojan, worm or whatever that I haven't got then let me know and I will check my machines.
     
  19. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country

    So if I can dig out a pre-SP1 CD and install, then within a minute a worm would get through the hardware firewall and infect my PC?
     
  20. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Heh, and arg!

    I did that one time when XP first came out. I was trying to reach the download site for old Kerio 2.15 and before I got it, it got me.

    Lesson learned, never repeated again. :cool:
     
  21. wat0114

    wat0114 Guest

    Darn! I was gonna post that idea :p

    I'm thinking "no" it wouldn't, but subsequent general surfing would probably land an infection on the machine pretty quick. I'd like to see some comments on this, since this is out of my scope of knowledge. I'm really just guessing an infection would occur quickly because of all the unpatched services and what have you in Windows.
     
  22. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    Very simple, go to some virus collector site and download some viruses... :D
     
  23. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Those AV 2009 fake AV exploits are spreading like wildfire. I'm almost of the mind to believe it's by design that no immediate action is taken on many of them even after being reported. I re-visited some that were reported and they simply changed the way they entice innocent users to fall victim.

    Anyway, FWIW, I captured quite a few of them and even found some mingled with some really threatening former malware/rootkits.

    Reminds me of the old coolwebsearch group who seemed like a malware enterprise on the same level as AV's, only opposite.
     
  24. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Yep, and they are morphing so as to be undetectable by the main AV's.

    Finding new and/or morphed rogues can be a bit of fun and getting the glory of having the siggy added to MBAM's database is a great feeling.

    If anyone finds something new maybe you could post a mung link over at the Newest Rogue Threats part of MBAM's forum?
     
  25. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    I agree that unpatched services might/would probably lead to infection but think that the suggestion that I install a pre-SP1 version of XP violates the rule of doing nothing really unusual. As with almost all suggestions so far, the user has to be pretty dumb to get caught here.
     