135 W Main Street Suite 101, Kingsport, Tn 37660
PROFESSIONAL AND AFFORDABLE IT SUPPORT FOR THE TRICITIES
How Your Computer Got Infected
In our quick series of popular questions, we have already explored why virus writers want to infect your computer. We will now discuss how your computer got infected. See the bottom of the article for our special offer!
DISCLAIMER: we will use the term “virus writer” to describe an individual who both writes a virus and uses it to infect a computer or server. In real life, this may not be true. Many of the best virus writers will sell or give their viruses to other people who in turn use the virus to infect other computers. However, for the sake of simplicity, we will keep the term to one person.
Through most of the 1990s and into the early 2000s, email was the most common virus infection method. Spam filters were less sophisticated and email users were less educated. Search engines did not have the same accuracy for finding information on the web, nor were there as many Internet websites overall. As a result, people emailed pictures, movies, and documents more frequently than now. Now, if we want to send a video, we can send a YouTube link instead of the actual video, or an Imgur/Pinterest/Instagram/Flickr link instead of the actual picture. Or the images and movies just get uploaded to Facebook. These factors increased the chances of people indiscriminately opening email attachments.
However, society now largely understands not to open attachments from people they do not know, or attachments they are not expecting. There are still plenty of exceptions, such as the FedEx/UPS shipping notification virus of recent years. As a result, the predominant means of computer infection is through websites.
Computer infections from websites typically occur in one of two ways:
1. The website itself gets compromised and the virus writer loads the virus within the webpage. This happens when a virus writer finds a known vulnerability in a web page, or the website owner writes sloppy code, allowing for compromise. Virus writers accomplish this attack by continually scanning the Internet for servers running software with known bugs. Once a server is identified, the virus writer then attacks the server to gain access and upload the virus to load as part of the webpage. This virus then attempts to infect anyone visiting the website. The success of the virus will depend on what the user has done to protect himself while browsing the web.
A variation of this attack is called XSS, or “cross-site scripting.” It is a fancy term for inserting code into a page to direct website visitors to another page. Basically, a virus writer will load code designed to redirect website visitors to another infected page. The original website does NOT directly contain a virus, but contains code to get the visitors to the website containing the virus. The code might be inserted through a commenting system or through a server vulnerability.
For anyone wanting a better technical description, another website has a demonstration and explanation of this technique.
2. The virus writer posts a virus-infected advertisement on the website. This happened to a “small” little company called the New York Times. The NYT had sub-contracted out the management of the website advertising network to another company. Back in September of 2009, the third party failed to provide the “quality” part of quality control and allowed a virus-infected advertisement into the rotation of ads appearing on the NYT website. At the time the NYT had 10 million hits a month! One of our clients had the NYT as her home page and proceeded to get infected three times in the three weeks prior to the discovery of the malicious advertisements.
Using the advertising attack vector is considerably easier than compromising an individual webserver. The NYT is also a high volume website, increasing the reach and effectiveness of the virus.
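As an added example (not part of the original article), here is how a website owner can prevent and detect the comment-system injection described under attack 1, shown in JavaScript. The function names, the sample comments and the redirect.example address are constructed for illustration.

```javascript
// Added example: hypothetical helper names, constructed sample data.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that let text be interpreted as HTML markup.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: visitor-supplied text is pasted into the page as markup,
// so a comment containing a script tag runs in every visitor's browser.
function renderCommentUnsafe(comment) {
  return `<li class="comment"><b>${comment.author}</b>: ${comment.body}</li>`;
}

// Hardened: every visitor-supplied field is encoded before it reaches the page,
// so the same comment is displayed as harmless text.
function renderCommentSafe(comment) {
  return `<li class="comment"><b>${escapeHtml(comment.author)}</b>: ${escapeHtml(comment.body)}</li>`;
}

// Audit helper: flag comments already stored in the database that carry
// active markup (script/iframe tags, meta refresh, event handlers, javascript: URLs).
const ACTIVE_MARKUP = [
  /<\s*script\b/i,
  /<\s*iframe\b/i,
  /<\s*meta\b[^>]*http-equiv/i,
  /\bon\w+\s*=/i,
  /javascript\s*:/i,
];

function findSuspiciousComments(comments) {
  return comments
    .filter((c) => ACTIVE_MARKUP.some((re) => re.test(c.author) || re.test(c.body)))
    .map((c) => c.id);
}

// Constructed sample comments; comment 2 is the redirect the article describes.
const comments = [
  { id: 1, author: 'Pat', body: 'Great article, thanks!' },
  { id: 2, author: 'guest', body: '<script>location.href="https://redirect.example/landing"</script>' },
  { id: 3, author: 'Sam', body: 'Is 3 < 5 && 5 > 3? "Yes" it is.' },
];

console.log('Flagged comment ids:', findSuspiciousComments(comments));
console.log(renderCommentSafe(comments[1]));
```

Encoding on output is the actual fix; the audit helper only finds comments that were stored before the fix went in.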
It is important to remember that just because a website has a virus embedded on the page DOES NOT mean you will get infected. The actual infection occurs in one of two common ways. There are always other ways, but these are the most popular:
A. Exploiting a known bug in your web browser code. All web browsers have bugs. Additionally, third-party programs like Adobe and Java are constantly attacked as well, as both products have a near universal install base. A compromise of any one of these programs will compromise the entire computer.
SIDE NOTE: a programmer actually used an Adobe vulnerability to jailbreak the iPhone. The iPhone itself is protected, but a third party program vulnerability allows complete control over the phone.
B. Tricking you into installing the virus. Have you ever visited a website that informs you that you cannot view the video on the page and that you must install a program to view the video? Under certain circumstances, this might be legitimate. However, the majority of the time, the program that you will be installing is actually a virus. We see these attacks regularly on Facebook and other social media sites, as users are more inclined to trust links posted by their friends. If a website is asking you to install something, please call us! We will remotely connect to your computer and help you determine if the installation is legitimate or not.
Overall, the Internet is not a safe place. Even well-known and popular websites are targets for malicious activity. Virus infections often happen without your awareness or even involvement!
Aegis IT has specific recommendations for preventing these attacks and securing your browser. We provide individual training for residential and business clients with our industry leading techniques for safe web browsing. Our techniques will drastically reduce the opportunities for virus infection on your computers. Call us today for securer web browsing!