We all know that malware is a bad thing, and something that we need to avoid. But how exactly does malware manage to infect our devices in the first place?
Firstly, before we discuss how malware infects a computer, let's talk about how malware probably didn't infect a computer. And by that, we mean busting some misconceptions.
I was hacked.
"I was hacked" is the vague explanation offered by victims of malware who don't understand how the malware actually made it onto their computer. The problem with the claim is that people have very different ideas of what hacking is and what counts as it, and the phrase is far too broad to describe how the infection really happened. In most cases where a victim says they were hacked, the real cause was a poor security habit (an opened attachment, a skipped update, a dodgy download) that needs to be addressed rather than glossed over with a generic hacking explanation. So it's important to work out exactly how the intrusion took place.
Magic.
If malware manages to worm its way onto a computer, it happened for a reason, and it’s important to determine how it happened. Assigning the blame to magic or any explanation tantamount to magic doesn’t address the core problem.
With that out of the way, let’s describe the most popular ways malware can plague a computer with its presence.
How does malware get on to a computer?
Exploits on Unpatched Software
Attackers constantly probe software, including operating systems such as Windows and web browsers such as Chrome, for security vulnerabilities that let them run their own code on any computer using that software.
Many infections of this kind exploit vulnerabilities the vendor has already fixed. The user simply hasn't installed the latest security updates, so the computer is still exposed to an attack that a patch would have stopped.
Security patches are important precisely because they close these holes, but there is a catch: releasing a patch also tells attackers where the bug is. They compare the patched program with the old version (a technique known as patch diffing), work out what the vulnerability was, and build exploits aimed at everyone who hasn't installed the update yet, often within days of release. This is why it's important to install security patches as soon as they become available, and to let the operating system and browser update themselves automatically.
A common example of an attack on unpatched software is the drive-by download: a malicious or compromised website delivers code that exploits a vulnerability in the browser or one of its plugins, so that simply visiting the page is enough to put malware on the computer, with no download prompt and no consent from the user.
Exploits on Unsupported Software
Eventually most software becomes so old that maintaining it isn't viable, and support, including security fixes, stops. This leaves computers running unsupported software exposed in the same way as unpatched software (the point above), except that the exposure is permanent.
For example, millions of computers worldwide are estimated to still run the unsupported Windows XP operating system. When the WannaCry ransomware spread in 2017 by exploiting a flaw in Windows file sharing (SMBv1, fixed in the MS17-010 update), it tore through networks of unpatched and out-of-support Windows machines across the world, including many NHS computers in the UK. Most of the infected machines were in fact running Windows 7 without the patch, and the outbreak was serious enough that Microsoft took the unusual step of issuing an emergency fix for Windows XP as well.
Ordinarily, however, there are no security fixes to download for unsupported software. The only real option is to stop using it and upgrade; if a system genuinely can't be replaced, it should at least be isolated from the Internet and from the rest of the network.
Zero-Day Attacks
Even if your software is both supported and fully up to date, there is always the chance that it contains a vulnerability the developer doesn't know about, or hasn't fixed yet, that attackers are already exploiting. These are called zero-day attacks, because the vendor has had zero days to produce a fix. Fortunately, zero-day attacks against ordinary home users are rare (a working zero-day is valuable and tends to be spent on high-value targets), but they do happen. Since no patch exists, the defence is to limit the damage: run up-to-date antivirus or endpoint protection that can detect the malware the exploit delivers, use a non-administrator account for everyday work, keep the browser's built-in exploit mitigations enabled, and switch off software and plugins you don't actually need.
Email Attachments
Malicious email attachments remain one of the most popular methods used by cyber crooks to infect devices with malware. Email attachments allow crooks to send dangerous files straight to a user's computer via their inbox.
Of course the user has to be lured into opening the attachment before it can do any harm, but cyber crooks have developed a myriad of social engineering techniques to trick recipients into doing just that: fake invoices and delivery notices, "documents" that are really executables with a double extension such as invoice.pdf.exe, Office files that ask the user to enable macros, and password-protected archives that email filters can't look inside.
User Downloads
Malware can infect a computer if the user downloads and opens it directly from the Internet. Of course a user won’t do this intentionally, but crooks can use a number of tricks to fool a user into thinking their download is harmless. Some popular tricks include –
Scareware: The user is told by a pop-up that they have a virus and need to install antivirus software. However the antivirus software the user is directed to is actually malware.
Fake video plugins/updates: A user is told to download a video plugin or codec in order to watch a video online, but this is actually malware. An example of a fake update for Flash can be seen below.
Torrents: Torrents are used to share files across the Internet using special torrent software, but this can also be used to spread malware infected files.
Bundled software: Free apps and programs downloaded from the Internet can come bundled with unwanted extras such as adware and browser hijackers, and sometimes with outright malware, often hidden behind a pre-ticked box in the installer.
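The email attachment and user download sections above describe the same underlying problem: a file that claims to be one thing (a PDF, a video codec, a report) is really another. The following script is an added example, not code from the original article, showing the checks a practitioner would run on an attachment or download before opening it: dangerous or macro-enabled extensions, double extensions, the right-to-left override character used to disguise a file name, and a mismatch between the extension and the file's actual header bytes. The sample email it parses is constructed inline for the demonstration; the function and file names are the example's own.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# File types that execute code, or carry macros, when opened on Windows.
EXECUTABLE_EXTS = {
    ".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".ps1", ".vbs", ".js",
    ".jse", ".wsf", ".hta", ".msi", ".jar", ".lnk", ".docm", ".xlsm", ".pptm",
}
# Containers often used to smuggle the above past mail filters.
CONTAINER_EXTS = {".zip", ".rar", ".7z", ".iso", ".img"}
# Expected leading bytes ("magic numbers") for a few common extensions.
MAGIC = {
    ".pdf": b"%PDF",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG",
    ".exe": b"MZ",
}
RTL_OVERRIDE = "\u202e"  # Unicode right-to-left override, hides the real extension


def classify_file(filename, data):
    """Return the reasons a file looks suspicious; an empty list means nothing was found.

    Works on any file, whether it arrived as an email attachment or a download.
    """
    reasons = []
    if RTL_OVERRIDE in filename:
        reasons.append("right-to-left override character in filename")
        filename = filename.replace(RTL_OVERRIDE, "")
    stem, ext = os.path.splitext(filename.lower())
    if ext in EXECUTABLE_EXTS:
        reasons.append(f"executable or macro-enabled type {ext}")
    if ext in CONTAINER_EXTS:
        reasons.append(f"archive or disk image {ext} (inspect contents)")
    # Double extension such as invoice.pdf.exe: the inner one is the lure.
    inner_ext = os.path.splitext(stem)[1]
    if inner_ext and ext in EXECUTABLE_EXTS:
        reasons.append(f"double extension {inner_ext}{ext}")
    # Compare what the name claims with what the bytes say.
    expected = MAGIC.get(ext)
    if data.startswith(b"MZ") and ext not in EXECUTABLE_EXTS:
        reasons.append(f"Windows executable (MZ header) disguised as {ext or 'no extension'}")
    elif expected and not data.startswith(expected):
        reasons.append(f"content does not match the {ext} signature")
    return reasons


def triage_message(raw_bytes):
    """Parse a raw email and classify every attachment, keyed by filename."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        findings[name] = classify_file(name, part.get_payload(decode=True) or b"")
    return findings


def build_sample_message():
    """Constructed sample lure with five attachments; not a real captured email."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "Overdue invoice"
    msg.set_content("Please see the attached invoice and remit payment today.")
    pe_stub = b"MZ\x90\x00" + b"\x00" * 60        # looks like a Windows executable
    zip_stub = b"PK\x03\x04" + b"\x00" * 60       # .docm files are zip containers
    jpeg_stub = b"\xff\xd8\xff\xe0" + b"\x00" * 60
    msg.add_attachment(pe_stub, maintype="application", subtype="octet-stream",
                       filename="invoice.pdf.exe")
    msg.add_attachment(zip_stub, maintype="application", subtype="octet-stream",
                       filename="report.docm")
    msg.add_attachment(pe_stub, maintype="application", subtype="pdf",
                       filename="brochure.pdf")
    msg.add_attachment(pe_stub, maintype="image", subtype="jpeg",
                       filename="photo" + RTL_OVERRIDE + "gpj.exe")
    msg.add_attachment(jpeg_stub, maintype="image", subtype="jpeg",
                       filename="photo.jpg")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in triage_message(build_sample_message()).items():
        status = "SUSPICIOUS" if reasons else "ok"
        print(f"{name!r}: {status} {reasons}")
```

The same `classify_file` check applies to a "codec" or "Flash update" someone is tricked into downloading: a file named like an installer that starts with the MZ header is a Windows program whatever the web page said it was. In a real mail gateway you would unpack archives recursively and apply the same tests inside them, since that is exactly where the executables end up.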
Malware
Yes, malware can lead to more malware. A backdoor gives a crook unauthorised remote access to an infected computer, and a command-and-control (C2) channel lets them send it instructions, including "download and run this". Some malware, often called a loader or dropper, exists mainly to do that. Emotet is a well-known example: it started life as a banking trojan but spent years being used chiefly to deliver other criminals' malware, including TrickBot and the Ryuk ransomware, onto computers it had already infected.
Removable media
Last, and yes, probably least, is removable media, such as USB keys, CDs and, historically, the media used to move some of the earliest computer viruses: floppy disks.
We’ve put this last because the popularity of spreading malware this way has, inevitably, decreased dramatically. Before the days that nearly all computers were connected to the largest network on the planet that we now call the Internet, the only way to access a computer was to be physically in front of it.
Consequently, infecting a computer with malware meant someone physically plugging something into it, such as a USB key or floppy disk that was booby-trapped with malware. This doesn't happen much anymore, not least because modern versions of Windows no longer run programs automatically from inserted media, but it's certainly still possible. Targeted attackers still use it to reach networks that are deliberately kept off the Internet, and a USB drive "found" in a car park and plugged in out of curiosity remains a reliable way in.