Wai_Wai
09-13-05, 10:33 PM
Hi.
I am gathering information regarding how malware (e.g. virus, trojan, keylogger etc.) infects your computer.
Here are my 2 cents ONLY (they may be wrong!!)
Ways malware uses to knock at your computer (arranged from the most dangerous):
- just connect to the Internet
It is to do with exploitation of holes in your operating system (common, especially if you are using Windows, which every hacker is keen on exploiting).
- surfing only trustworthy websites
Hackers can inject code which changes the appearance of legitimate websites [the websites/servers themselves do not need to be infected], and trap you into infection (depending on how you get there and your computer settings).
Even worse, if the legitimate websites/servers get infected, you will follow in their footsteps (seldom).
- surfing websites as normal
It's to do with HTML, Javascript, Java, Active Scripting, ActiveX and so on (common).
It's always a good idea not to browse with Internet Explorer - thanks to its integrated code with Windows & ActiveX.
- install plugins, XPI, ActiveX or anything similar on websites
The situation is even worse when you have selected options which allow your browser to automatically install these things (common).
If not, you can get infected, say, when a dialog pops up and you answer yes "OR EVEN NO" to install Flash Player plugins but that Flash Player is a special version XD.
To avoid this, you should use Alt+F4 [safest] or press the legitimate "x" (the one always at the uppermost right) [still safe if you don't get deceived by other fake "x"] (common).
- do interactive tests, online scans, and so on
Similar to the above. The difference is that they use other excuses to lure you into infection.
- open documents, Excel sheets etc. (even if you don't enable macros)
The reason why you will still get infected is that they exploit holes found in these applications, so they don't really need to ask for your permission. They will run as long as you click on them (common).
Other less dangerous methods (the list below is not sorted according to severity level):
- open any files, downloads, attachments, and so on
Some files may appear harmless (eg girl.jpg). You click on it, and... :(
You may never notice the infection, which is especially true for malware like trojans, keyloggers etc.
The tricks involved are to hide their real file extensions. If you set up your Windows properly and have some computing knowledge, you can see through their tricks.
- read HTML-embedded emails or posts in newsgroups
That's why it's always a good idea to read them in TXT only.
To be on the safe side, you may consider not using Outlook Express (again a common target for hackers / malware writers).
- enable macros in documents, Excel sheets and so on
But if you don't enable macros, they can never harm you.
That's it.
Feel free to add one if I appear to have missed it.
PS: After reading that, you may think I (pretend to be) a security guru/expert or claim anything. Don't get me wrong. Actually it is the opposite. I am just an ignorant citizen who likes to make bold and thoughtless statements. In fact, what I know all comes from the mouths of security experts. I'm anything but great. Thanks for your appreciation!
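
Added example, not part of the original post: a filename check for the hidden-extension trick the post mentions (girl.jpg). It goes beyond that one case by also flagging whitespace padding and Unicode format characters such as the right-to-left override; the extension lists, sample names and function names are assumptions chosen for illustration.

```python
import unicodedata

# Assumed lists for illustration, not exhaustive.
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js", "lnk", "hta"}
DECOY_EXTS = {"jpg", "jpeg", "png", "gif", "txt", "pdf", "doc", "xls", "mp3"}


def extension_findings(filename):
    """Return reasons this name may be hiding its real extension."""
    findings = []
    # Format characters (category Cf) such as U+202E right-to-left override
    # reorder the displayed name without changing the real suffix.
    if any(unicodedata.category(ch) == "Cf" for ch in filename):
        findings.append("format-control-character")
    clean = "".join(ch for ch in filename if unicodedata.category(ch) != "Cf")
    # Windows drops trailing dots and spaces, so "x.exe." is really "x.exe".
    parts = clean.rstrip(" .").split(".")
    if len(parts) < 2:
        return findings
    real_ext = parts[-1].strip().lower()
    if real_ext not in EXECUTABLE_EXTS:
        return findings
    findings.append("executable:" + real_ext)
    # "girl.jpg.exe" is displayed as "girl.jpg" when known extensions are hidden.
    decoy = parts[-2].strip().lower()
    if len(parts) >= 3 and decoy in DECOY_EXTS:
        findings.append("decoy-extension:" + decoy)
    # A run of spaces pushes the real extension out of the visible column.
    if "   " in clean:
        findings.append("whitespace-padding")
    return findings


# Constructed sample names.
SAMPLES = ["girl.jpg", "girl.jpg.exe", "girl.jpg" + " " * 10 + ".scr", "girl\u202egpj.exe", "setup.exe"]


def scan(names):
    """Keep names with a finding beyond simply being an executable."""
    report = {}
    for name in names:
        found = extension_findings(name)
        if len(found) > 1:
            report[name] = found
    return report


if __name__ == "__main__":
    for name, found in scan(SAMPLES).items():
        print(repr(name), found)
```
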