RESEARCH BLOG

The source of infection.


Anti-virus researchers analyze lots of code (malicious and non-malicious).

We create various ‘detection and cure’ mechanisms in order to provide the best defense for our customers against malicious software.

Our goal is not only to handle existing threats, but to catch new threats that we haven’t even seen yet.

Sometimes our customers would like to understand the details of the threat they are dealing with, even if the AV product succeeded in preventing the infection.

Our customers would also like to know the source of the infection; in other words: “how the hell did I get this?”

Sometimes we can answer this question.

But what are the usual sources of infection by malicious software?

These sources vary over time.

Nowadays, according to our virus lab’s data, the champions are:

1) During download by various peer-to-peer (P2P) and file-sharing programs

This is a huge source of infection. There is no guarantee that what you see in a P2P source is what you actually download.

Cyber criminals use various techniques to trick us into downloading and running their work.

They use social engineering as well.

So even if you download music or videos, there is still a reasonable risk of attack.

Some programs, documents or media files will even work as expected, but may include malicious code.

Well-known and huge malware families such as ZeroAccess (Zeus), Sality, SpyBot, Palevo, Dorkbot, SillyP2P etc. spread this way.

Even if the icon of the downloaded file looks familiar, it means nothing, because cyber criminals change icons to whatever they like.

A good idea is to download only from trusted sources.

Or at least scan each file with computer security software (anti-virus etc.) and check its digital signature.

Sites like https://www.virustotal.com/ (for example) provide scanning results from various anti-virus engines.


Lots of infections happen when the user tries to use key generators and crack programs.

Well, this is not only illegal, but may affect the computer in a bad way ;-).

Anyway, users should consider that using P2P networks and file-sharing programs is very dangerous.

Good practice is to check anything you download for malware.

2) Visiting compromised websites

Our database of un-recommended websites is growing all the time.

If any prognosis is possible: the number of malicious websites will continue to grow.

Cyber criminals use various techniques, as well as social engineering (with huge help from social networks), to promote malicious websites, so thousands and sometimes tens of thousands of new malicious sites are added every day.

Malicious websites are not always created as such.

Cyber criminals usually try to exploit vulnerabilities in the web server or in the software the server uses.

The worst-case scenario is that the user doesn’t have to perform any action at all.

Malware code may be embedded within any part of the web server application and may run automatically upon various events.

Usually, unfortunate users visit these sites by mistake.

Sometimes they are searching the internet and accidentally enter the site, and sometimes they are tricked into entering malicious sites.

Sometimes the users click links within emails or on social network sites.


Nowadays, there are many good security applications that not only protect web surfers from malicious websites, but also categorize all websites and provide parental control.

On top of that, it is the surfer’s responsibility to use common sense when entering any site or clicking any link from an email or a social network.

By the way, social networks are one of the favorite playgrounds for malware writers and other cyber criminals. They post interesting articles, pictures and videos (sometimes real and sometimes bogus) to convince people to enter malicious sites.

3) From malicious email


Email scams are very old, and a lot of information has been published about malicious emails.

This kind of infection sounds easy to avoid, but somehow people still fall into this trap: they open emails from unknown sources, click the links and attachments within them, and sometimes even unpack and execute downloaded archive files.

This happens because malicious emails are camouflaged, and sometimes it is difficult to distinguish them from real, legitimate emails.

The “Junk” folder of every mailbox is full of spam emails, malicious emails and phishing emails.

Phishing emails are fraudulent emails. Cyber criminals use them to trick people into giving away personal information. People think they are entering a legitimate site, but they are directed to a malicious one.

The “how to be careful” rules have been published many times, but common sense is always vital:

Don’t trust emails from unknown sources: companies and people you are not familiar with. Emails that offer you money or ask you for money are very dangerous and unlikely to be real (even if they are from somebody you know).

Romantic and erotic emails can be fraudulent as well, but we should all be careful with romance anyway ;-). Come on, why in the world would somebody unknown, or even a celebrity, send you emails with her/his photos and videos? ;-) Emails that ask you for personal (sensitive) information must be treated as highly suspicious. If emails contain links to websites, remember that it is much safer to reach a website by typing its address directly into your browser.

Be very wary of attachments; think about the reason and the sanity of it: why would such and such a person or company send you an attachment by email?

To summarize the email threats:

– Emails from unknown sources

– Financial emails

– Romantic and/or erotic emails

– Requests for sensitive information

– Emails containing links to websites

– Attachments to emails are always suspicious

As I said previously, it is hard to distinguish fake emails from real ones. But sometimes, if you take the time to review and think, you will notice little things that reveal the threat.

For example: email addresses (From, To, CC and even BCC) must not be hidden and must be written correctly; wrong logos and strange pictures within the email are suspicious; grammatical mistakes in official emails are very good signs of a threat.

Or the proposal within the email is “too good to be true”.
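To make the checklist above concrete, here is a small triage script, added as an illustration for this post and not part of the original article or of any product, that parses a message with Python’s standard email module and reports which of the listed indicators it finds (hidden recipients, a display name that does not match the sender domain, money talk, requests for credentials, links, attachments). The sample message, its sender domain and the attachment name are all constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real e-mail) that trips most of the indicators above.
SAMPLE_EML = """\
From: "PayPal Support" <billing-update@paypa1-secure.example>
To: undisclosed-recipients:;
Subject: Urgent: verify your account to receive a $500 refund
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Dear customer, please confirm your password and card number at
http://paypa1-secure.example/verify to recieve you refund.
--b1
Content-Type: application/zip; name="invoice.zip"
Content-Disposition: attachment; filename="invoice.zip"

--b1--
"""

MONEY = re.compile(r"\$\s?\d+|refund|payment|wire transfer|invoice", re.I)
SENSITIVE = re.compile(r"password|card number|social security|login", re.I)
LINK = re.compile(r"https?://\S+", re.I)

def triage(raw):
    # Returns the checklist indicators found in one raw RFC 822 message.
    msg = message_from_string(raw)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower()
    # Crude sender check: the display name should share a word with the sender domain
    # ("PayPal" vs paypa1-secure.example fails; "Alice Smith" vs smith-example.com passes).
    if name and not any(w in domain for w in name.lower().split()):
        findings.append("display name does not match sender domain")
    if not msg.get("To") or "undisclosed" in msg["To"].lower():
        findings.append("recipients hidden")
    text = msg.get("Subject", "")
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            findings.append("attachment: %s" % part.get_filename())
        elif part.get_content_type() == "text/plain":
            text += "\n" + part.get_payload(decode=True).decode("utf-8", "replace")
    for label, pat in (("financial content", MONEY), ("asks for sensitive information", SENSITIVE)):
        if pat.search(text):
            findings.append(label)
    for url in LINK.findall(text):
        findings.append("link: " + url)
    return findings
```

The regular expressions are deliberately simple keyword lists; a real mail filter would also check the Received headers and the link targets, but the point here is that the author’s checklist maps directly onto mechanical checks.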

So the bottom line is that the biggest factor in malware infection is the “user”.

To avoid infection, the user should be careful with emails, websites and file shares, and keep the operating system and computer security programs updated.

By Alex Polischuk.