Vectors of Computer Virus Infection
June 22, 2009 4:08 AM Subscribe
What are the common form of Computer Virus spread these days? I remeber back in the day it was all about Word macros, then Outlook attachmets auto-running, but therse days is it all Internet Browser Exploits? How does your computer get infected these days? Can you get a virus just by visiting a webpage (but not running any aps / agreeing to intall anything)?
Do viruses these days need you to explicitly agree to run something?
If you are 'really really careful' about what you do and do not run then do you really need Anti-Virus software / Spyware etc?
I recently seemed to get infected with this Antivirus Pro but I'm not sure where it came from. It could have been a Facebook thing.
Do viruses these days need you to explicitly agree to run something?
If you are 'really really careful' about what you do and do not run then do you really need Anti-Virus software / Spyware etc?
I recently seemed to get infected with this Antivirus Pro but I'm not sure where it came from. It could have been a Facebook thing.
Visiting a webpage IS "explicitly agreeing" to run it, AND all the code that the webpage author has explicitly OR implicitly OR accidentally OR erroneously OR unknowingly agreed to allow there. Sufring the web without antivirus AND antispyware AND a properly configured firewall is the equivalent of being "really really careful" while visiting a random selection of the best brothels in South Africa.
Right NOW, go download AVG Free Antivirus, Spybot Search & Destroy, and CCleaner. Run these. Then go to EVERYWHERE you have a password or PIN and change them. All of them.
posted by EnsignLunchmeat at 5:07 AM on June 22, 2009 [1 favorite]
Right NOW, go download AVG Free Antivirus, Spybot Search & Destroy, and CCleaner. Run these. Then go to EVERYWHERE you have a password or PIN and change them. All of them.
posted by EnsignLunchmeat at 5:07 AM on June 22, 2009 [1 favorite]
Do viruses these days need you to explicitly agree to run something?
No, they usually use something called a drive-by download. Hopefully if your system is fully updated, you won't be vulnerable to this, but you never know.
posted by smackfu at 6:18 AM on June 22, 2009
No, they usually use something called a drive-by download. Hopefully if your system is fully updated, you won't be vulnerable to this, but you never know.
posted by smackfu at 6:18 AM on June 22, 2009
I've gotten into the habit of using browser A (usually Firefox) for general web stuff, but doing online banking, bill-paying and that kind of thing only in browser B (presently Opera). Not perfectly foolproof of course but nothing's perfectly foolproof and this gives me yet another layer of latex when I'm Out There. Also, any kind of even vaguely questionable site (one that, for instance, doesn't work unless I allow any kind of cookies it wants to write) get visited using a browser running inside of Sandboxie. Another also, several of the free firewalls now come with very good intrusion detection systems. Both Comodo and the PCTools firewall/HIDS have thrown up Allow This?/Deny This? warnings about stuff I definitely didn't want to happen on my peecee--in time for me to say F*** NO!.
posted by jfuller at 6:45 AM on June 22, 2009 [2 favorites]
posted by jfuller at 6:45 AM on June 22, 2009 [2 favorites]
Best answer: Acrobat Reader exploits are one popular infection vector these days. You visit a web page that contains an infected PDF. Your browser automatically downloads it and opens it in Acrobat Reader for you, without any prompts. Acrobat Reader attempts to display the PDF and ends up running the virus code. Presto, infected computer.
Often, viruses that get downloaded from web sites contain code to spread themselves via other vectors, like windows file sharing or sending themselves to your contacts lists via e-mail.
There's also the issue of how these viruses get onto web servers in the first place. Exploiting vulnerabilities in various people's web applications seems to be getting popular. For instance using SQL injection attacks to insert some javascript code into a database, so that subsequent users of a site will have malicious javascript sent to them along with whatever comes out of that database. Or numerous other methods to be able to upload and link to an infected PDF directly.
In addition to running good anti-virus and anti-virus software, I find using Firefox with the NoScript extension is a useful defensive measure. Mainly because JavaScript won't run, and flash objects, PDF files, etc., won't load, without your approval. You can't really tell if any of these are malicious, but you can at least only run the ones that you actually need. Which might be none of them if you end up on an unintended site site unexpectedly.
Keeping stuff like your flash player and PDF reader software updated with all the security updates helps too. But there can be a lot of that stuff to try to keep track of.
posted by FishBike at 6:48 AM on June 22, 2009
Often, viruses that get downloaded from web sites contain code to spread themselves via other vectors, like windows file sharing or sending themselves to your contacts lists via e-mail.
There's also the issue of how these viruses get onto web servers in the first place. Exploiting vulnerabilities in various people's web applications seems to be getting popular. For instance using SQL injection attacks to insert some javascript code into a database, so that subsequent users of a site will have malicious javascript sent to them along with whatever comes out of that database. Or numerous other methods to be able to upload and link to an infected PDF directly.
In addition to running good anti-virus and anti-virus software, I find using Firefox with the NoScript extension is a useful defensive measure. Mainly because JavaScript won't run, and flash objects, PDF files, etc., won't load, without your approval. You can't really tell if any of these are malicious, but you can at least only run the ones that you actually need. Which might be none of them if you end up on an unintended site site unexpectedly.
Keeping stuff like your flash player and PDF reader software updated with all the security updates helps too. But there can be a lot of that stuff to try to keep track of.
posted by FishBike at 6:48 AM on June 22, 2009
The most common virus is not a virus at all but a trojan. Someone will receive an email with an attachment called hot_photos.exe and they will simply run it.
Browser exploits are somewhat overhyped, a patched computer doesnt usually have any issues with exploits like these as they usually get patched before these exploits go out int he wild or shortly after. (yes there are exceptions to this, but I am speaking generally).
It could have been a Facebook thing.
I think this may have been from a virus that prompts you to upgrade your flash install. Obviously, its not flash so you are now installing virus even when you think youre being "extra careful." I suggest you run an anti-virus.
If you want to be truly careful you an run an account that is a non-administrator.
posted by damn dirty ape at 6:52 AM on June 22, 2009 [1 favorite]
Browser exploits are somewhat overhyped, a patched computer doesnt usually have any issues with exploits like these as they usually get patched before these exploits go out int he wild or shortly after. (yes there are exceptions to this, but I am speaking generally).
It could have been a Facebook thing.
I think this may have been from a virus that prompts you to upgrade your flash install. Obviously, its not flash so you are now installing virus even when you think youre being "extra careful." I suggest you run an anti-virus.
If you want to be truly careful you an run an account that is a non-administrator.
posted by damn dirty ape at 6:52 AM on June 22, 2009 [1 favorite]
You also want to shut off javascript in Acrobat. Edit > Preferences > Javascript > uncheck enable.
posted by damn dirty ape at 6:54 AM on June 22, 2009 [1 favorite]
posted by damn dirty ape at 6:54 AM on June 22, 2009 [1 favorite]
Exploiting vulnerabilities in various people's web applications seems to be getting popular. For instance using SQL injection attacks to insert some javascript code into a database, so that subsequent users of a site will have malicious javascript sent to them along with whatever comes out of that database.
Note this very thing happened to Metafilter in January. So the idea that "you only go to safe and known sites" is a false security.
posted by smackfu at 7:01 AM on June 22, 2009
Note this very thing happened to Metafilter in January. So the idea that "you only go to safe and known sites" is a false security.
posted by smackfu at 7:01 AM on June 22, 2009
For years, I ran Windows 2000 as a non-administrator user on a low-end computer with a firewall but no antivirus, and I never caught anything. I didn't have the CPU cycles to devote to an antivirus.
If you're always 100% up-to-date on your OS patches, and you are careful where you go, and you use web email (Hotmail/Gmail), and you don't execute things you don't recognize, and you use non-mainstream software (esp. Firefox, Foxit reader, VLC, etc.) you have a low probability of catching anything.
This being said, I've since upgraded my computer and am running Vista with an antivirus (Avast!). Any risky activity, esp. trying out new software, gets run inside a VM. Getting a virus is a huge pain in the ass, and costs a lot of time (and perhaps money). You should get one to be extra safe.
posted by Simon Barclay at 7:01 AM on June 22, 2009
If you're always 100% up-to-date on your OS patches, and you are careful where you go, and you use web email (Hotmail/Gmail), and you don't execute things you don't recognize, and you use non-mainstream software (esp. Firefox, Foxit reader, VLC, etc.) you have a low probability of catching anything.
This being said, I've since upgraded my computer and am running Vista with an antivirus (Avast!). Any risky activity, esp. trying out new software, gets run inside a VM. Getting a virus is a huge pain in the ass, and costs a lot of time (and perhaps money). You should get one to be extra safe.
posted by Simon Barclay at 7:01 AM on June 22, 2009
In addition to EnsignLunchmeat's good advice, I would recommend installing the free McAfee SiteAdvisor and the Netcraft Toolbar on your firefox and internet explorer web browsers. Malwarebytes is also useful.
posted by gudrun at 7:29 AM on June 22, 2009 [1 favorite]
posted by gudrun at 7:29 AM on June 22, 2009 [1 favorite]
Run Mac or Linux and your chances decrease to practically 0.
Otherwise, always make sure you have the latest security updates, run as a non-admin account, don't run things you don't know, make sure you're behind a router running NAT that doesn't have your machine in the DMZ and port forward as appropriate, install either ClamAV or AVG, avoid downloading things from P2P networks, usenet and IRC.
posted by Brian Puccio at 8:32 AM on June 22, 2009
Otherwise, always make sure you have the latest security updates, run as a non-admin account, don't run things you don't know, make sure you're behind a router running NAT that doesn't have your machine in the DMZ and port forward as appropriate, install either ClamAV or AVG, avoid downloading things from P2P networks, usenet and IRC.
posted by Brian Puccio at 8:32 AM on June 22, 2009
As an aside on the Mac thing, they DO exist. I went to a torrent site (not quite reputable to begin with, but I needed an OS install ISO), and got a drive-by download of a DMG file that my browser helpfully opened for me and prompted to install "player". Given that I never clicked on anything to download, and certainly wasn't looking for a player or media to play, I didn't install it. Some malware authors are getting wise to Macs, and are beginning to target them.
Yes, it would still need me to have clicked on it, authenticated, and otherwise "be not careful," but don't let the fact that you're running a Mac let you get cocky.
(I also run Linux on a PPC Mac, but that thing is so ancient and behind, that it's incapable of running most attack vectors, even if I wanted it to... security through obsolescence!)
posted by GJSchaller at 11:40 AM on June 22, 2009
Yes, it would still need me to have clicked on it, authenticated, and otherwise "be not careful," but don't let the fact that you're running a Mac let you get cocky.
(I also run Linux on a PPC Mac, but that thing is so ancient and behind, that it's incapable of running most attack vectors, even if I wanted it to... security through obsolescence!)
posted by GJSchaller at 11:40 AM on June 22, 2009
Run Mac or Linux and your chances decrease to practically 0.
Not true [1, 2, 3].
The Mac was largely ignored for along time, because there was very little value in attacking it. This is beginning to change. Linux tends to be locked up tighter by default, but it really depends on your package and how familiar you are with it to get foolproof security. Windows, particularly older versions, are of course still the most vulnerable.
Similarly, despite the fact that I am using Firefox right now, there have been critical updates to Firefox within the past few months to fix bugs which allowed arbitrary execution of code at the user level and required only a visit to a malicious website or clicking on a link sent to you. [1, 2]
So to answer the posters original question: yes, it can happen. Also, Spybot was pretty good in its day, but you are better off with Malwarebytes now. A decent firewall is worth setting up, and at least have some type of low-profile antivirus installed on your computer, just in case.
posted by sophist at 11:47 AM on June 22, 2009
Not true [1, 2, 3].
The Mac was largely ignored for along time, because there was very little value in attacking it. This is beginning to change. Linux tends to be locked up tighter by default, but it really depends on your package and how familiar you are with it to get foolproof security. Windows, particularly older versions, are of course still the most vulnerable.
Similarly, despite the fact that I am using Firefox right now, there have been critical updates to Firefox within the past few months to fix bugs which allowed arbitrary execution of code at the user level and required only a visit to a malicious website or clicking on a link sent to you. [1, 2]
So to answer the posters original question: yes, it can happen. Also, Spybot was pretty good in its day, but you are better off with Malwarebytes now. A decent firewall is worth setting up, and at least have some type of low-profile antivirus installed on your computer, just in case.
posted by sophist at 11:47 AM on June 22, 2009
« Older How to unstickify a camera 'on/off' switch? | 40 channels on a radio tuned to static Newer »
This thread is closed to new comments.
posted by glenno86 at 4:58 AM on June 22, 2009