Exploring Information Security

View Original

How did I get infected with malware?

Timothy De Block

BSides Nashville 2015

The question

“How did I get infected with malware?” is a question I get asked quite often in my day job when I am investigating a machine with a malware infection. The answer usually comes down to, “It is not your fault, you are on the internet and these things happen.” Sure, some sites are more risky than others. Go off the beaten path and there is an increased risk of viruses, trojans, cryptolocker, spyware, and all sorts of icky things will make their way onto a computer. The reality is that malware can make its way onto a computer from just about anywhere. Two examples of legitimate websites passing out malware visiting a site like Forbes, or visiting celebrity chef Jamie Oliver’s website, or any really any other site running advertisements.

Some websites are running platforms and applications with unpatched security flaws or running advertisements that have not been properly vetted by the advertising agency. Both of these security shortcomings on websites can lead to computer infections that happen behind the scenes and undetected.

What can be done?

Keep your computer up-to-date, install EMET, and implement some safe browsing tools.

To keep your computer up-to-date use Secunia's Personal Software Inspector (PSI). It's free, it's easy to use, it keeps your programs up-to-date with the latest patches.

Install the Enhanced Mitigation Experience Toolkit (EMET) from Microsoft. It's free, it's easy to use, and it protects your computer from nasty things. 

Enable Click-to-Play on your browsers. Easy to implement, but a little more annoying to use. Essentially, you choose when applications like Flash play, so nothing runs that you don't want to run in your browser. Yes, it's a little more annoying to browse the web, but comes with the benefit of improved load times. It's not going to suck up bandwidth if it can't run.

If you need help or want a further explanation on any of these tools or if you want more leave a comment or email me at timothy.deblock[at]gmail.com.

This post first appeared on Exploring Information Security.