Here are the most common ways malware infects your computer:
Outdated Anti-Virus and Unpatched Devices – The single most important action a computer user can do to help stay protected is to use up-to-date anti-virus protection and apply patches/updates to your device.
- Update your application software with up-to-date patches.
- Always install software updates from mainstream vendors such as Adobe, Java, Microsoft and Apple.
Drive-by Downloads – When you visit a website a script on the site secretly runs and installs malware
- Drive-by downloads occur when a program is downloaded onto your device without your permission. One way this happens is through malicious advertising or malvertising. You know the advertisements that appear on the edge of many webpages? When malicious actors purchase advertising space there, they can install malware in the advertisement. That means that if you see that malicious advertisement, which looks like any legitimate advertise, the malware hidden in the advertisement will automatically try to download onto your device.
- Keep your antivirus and system software up to date to avoid becoming infected.
Social Engineering – Malicious Links
- Social engineering relies on tricking you into taking an action, such as clicking on a link. As the malicious website opens, malware can be installed on your device. Simply visiting these websites is enough to infect your device.
- Some types of social engineering use link baiting or other techniques to get you to click on the malicious link. Link baiting (which is not necessarily malicious) is when content providers try to get you to click on a link. One popular form of link baiting is providing a teaser that generates interest in the story, such as “5 Things Preventing You From Being Rich” or “When I found about this trick, it blew my mind!”
Social Engineering – Popup Alerts – Popup alerts falsely tell the user that their machine is infected with a virus or has some other problem that needs to be fixed. The user will click on the alert and either be asked to install the software (really malware in disguise) that is purported to fix the problem or a “drive-by” download will be initiated.
- Do not click or engage with the popup window. In the example to the right (click image for larger version), do not click on the “Pause” or “Stop” buttons.
- Close the window by either closing the browser completely or through the (x) in the upper right corner of the window
Social Engineering – Media Players – A popular source of malware is a website media player download. When a user wants to play a video, the website will ask to install a video codec or other required software. The media player software will instead install malware.
- No matter how enticing the video, only install media player software from trusted websites such as Apple.com, Microsoft.com, and Adobe.com.
Email attachments – One of the oldest ways to spread malware is through email attachments
- Do not open attachments or click links from unknown or untrusted sources.
- If a friend sends you an attachment that looks suspicious contact them first before opening the attachment
- Never open email attachments that end in .exe, .bat, .com, .vbs
Phishing Emails – Phishing emails will try to convince users into clicking on a link within the email. The link will take the user to a website that will either try to make the user manually install malware or will perform a “drive-by” download to install the malware.
- Never click on links in an email
- Find out how to protect yourself from Phishing Emails
Peer – to – Peer (P2P) / file sharing programs and websites – Many of the P2P software such as Kazaa, Bearshare, and iMesh contain malware that will be installed when you install the P2P software. In addition, malware has often been disguised as legitimate music and video files for download.
- Do not download or upload copyrighted material; this is illegal and against the NU Acceptable Use Policy.
- Do not allow P2P uploading to your computer
- Run any downloaded file through a virus scan before opening
- Only install P2P software that has been verified malware free
Information Provided from: MS-ISAC and Stop Think Connect