How did my PC get infected?

June 15, 2011

We get many calls from both business and home users that require our services to remove viruses and malware from their infected PCs. And the question that usually gets asked first is “How did my PC get infected?”

This is not a simple question to answer, because there are many ways a system can be compromised, but in our experience it often comes down to the user simply clicking “Yes” on a popup. For instance, you get prompted to “install this plugin to view this movie”. You install the “plugin”, the movie never plays and nothing appears to happen… or so you think: what you actually installed was the malware.

In recent months a growing share of infections come from software that claims to fix a problem with your PC. In reality these are “scareware” applications: fake security tools that report non-existent infections, demand payment to “remove” them, and are themselves difficult to get rid of.

Another common reason for infection is out-of-date software: operating system updates, program updates and antivirus signatures. Many infections target specific bugs in a browser, or in a browser plugin such as Adobe Flash. These exploits rely on known but unpatched bugs to run code without any prompt at all, and the rogue software then installs itself with whatever privileges the logged-in user has; if that user is an administrator, it installs as an administrator.

And then there are the P2P (Peer to Peer) file sharing networks like BitTorrent. Whilst this software lets people share music and other media, it also lets them share programs, and many of these programs are simply malware pretending to be something else. Key generators (programs that generate serial numbers for pirated software) are also a popular method of infection.

Email is still a threat, but much less so than it once was: people and filtering technology have become much better at spotting the signs of a fake email.

How do I protect my PC?

The first thing to note is that “there is no such thing as perfect protection”. Many vendors supply all-singing, all-dancing products, but none of them can reliably protect against “zero-day” vulnerabilities: bugs that attackers are already exploiting before the vendor has released a fix, so there is no patch and usually no signature to detect them.

Our recommended approach is simple. Be more aware of what you are doing.

For example, zero-day bugs themselves are quite rare, but the malware that uses them has found a very effective way to spread quickly: sensational headline stories on social network sites like Facebook and Twitter. On Boxing Day 2010 a rumour spread around the internet that Charlie Sheen had been killed in a snowboarding accident. Rumours like this are sometimes picked up and repeated by reputable news agencies, which lends them credibility, but many of the “articles” people are directed to sit on rogue pages with infected elements such as popups. On such a page the buttons are not what they seem: by clicking “No Thanks” you have actually just clicked “Yes Please” without knowing it.

The First Steps

To reduce your chances of infection start by:

Stop using an admin account – when logging into your PC do NOT use an administrator account. Create a separate user account with restricted (standard user) access and use that for day-to-day work; keep the administrator account for installing software and updates only. By running as an administrator you have instantly given full permission to whatever, or whoever, is trying to infect your PC, making it much easier for rogue software to install itself system-wide.

Keep Windows up to date – check that your PC is up to date with the latest security patches. Windows can update itself via the Windows Update feature, which can be set to run automatically every day via the Security Centre. Whilst Microsoft usually releases updates once a month, it also issues out-of-band fixes for bugs that are being actively exploited, so it is well worth checking regularly to protect against zero-day bugs.

Keep Your Antivirus and Anti-Spyware up to date – this is something that you must check each day. Keep an eye on when your PC updates. I personally use Avira AntiVir and this pops up a notification nearly every day that the patterns, or virus signatures, have been updated.  If I don’t see this popup after a few days I check the website manually to verify I have the right version.

Use a good personal firewall – a personal firewall helps to raise awareness of a potential infection because it not only blocks incoming attacks but also flags when an application tries to contact the outside world. So if you do get compromised, a popup alerts you to the fact that application “xyz” is trying to access the internet, and you can deny it.

Use other free spyware scanners – there are many free spyware scanners that do not need to run all the time but act as a secondary safety net. They do not have to run in “real-time” like a virus scanner and can be run manually once a week. Two very good examples are Malwarebytes and SuperAntiSpyware.
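The following is an added example, not something from the original post, showing how the first four steps above can be checked, and the restricted account created, from a PowerShell prompt on a Windows Vista or 7 machine of the era. The account name “Everyday” is a placeholder, it must be run from an elevated (administrator) prompt, and it assumes the built-in Windows Firewall; a third-party personal firewall will have its own console.

```powershell
# Added check-up script for the "First Steps" above; not from the original post.
# The account name "Everyday" is a placeholder. Run from an elevated PowerShell
# on Windows Vista/7. It uses net.exe, WMI and netsh rather than newer cmdlets
# so that it also works on PowerShell 2.0.

# --- Step 1: am I running as an administrator right now? --------------------
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
Write-Host ("Logged in as {0}; administrator rights: {1}" -f $identity.Name, $isAdmin)

# Create a restricted account for day-to-day use. A new local account lands in
# the built-in 'Users' group and is deliberately NOT added to 'Administrators'.
# '*' makes net.exe prompt for the password instead of leaving it in history.
net user Everyday * /add
net user Everyday               # 'Local Group Memberships' should show *Users only
net localgroup Administrators   # 'Everyday' must not appear in this list

# --- Step 2: Windows Update service and the most recent patches -------------
Get-WmiObject Win32_Service -Filter "Name='wuauserv'" |
    Select-Object Name, State, StartMode      # expect Running / Auto
Get-HotFix | Sort-Object InstalledOn -Descending |
    Select-Object -First 5 HotFixID, Description, InstalledOn

# --- Step 3: antivirus product registered with the Security Centre ----------
# root\SecurityCenter2 exists on Vista and later (XP uses root\SecurityCenter).
# productState is an undocumented bit field; confirm the signature date in the
# product's own console rather than decoding it here.
Get-WmiObject -Namespace root\SecurityCenter2 -Class AntiVirusProduct |
    Select-Object displayName, productState

# --- Step 4: Windows Firewall state and default policy for every profile ----
netsh advfirewall show allprofiles state
netsh advfirewall show allprofiles firewallpolicy   # e.g. BlockInbound,AllowOutbound
```

Note that the built-in Windows Firewall blocks unsolicited inbound connections by default but allows outbound traffic silently, so the “application xyz is trying to access the internet” alert described above needs either a third-party personal firewall or an outbound-blocking policy with explicit allow rules for the programs you trust.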

See no evil, Hear no evil, Speak no evil

This is probably the worst situation to be in: having an infection and NOT knowing about it. Global spam volume went down over Christmas, largely because many PCs with undiscovered malware (quietly sending spam on someone else's behalf) were switched off whilst people were out of the office or on holiday. A regular scan and up-to-date software should pick these infections up.

You may well be in this situation yourself asking “Why is my computer slow?”

But as mentioned above, the best method of protection is to be suspicious of everything and to exercise great caution.