This is a question that we get a lot, from our customers and from people who just stop in to talk about computer issues. It is a lot more complicated to answer than most people hope. It’s not as simple as “Just don’t open that email from the Nigerian prince who wants you to help him transfer millions of dollars through your bank account,” or “Don’t click on that pop-up ad that promises to remove 5,384 viruses from your computer and speed up your PC.” Both of those are good advice, because neither offer is going to deliver what it promises (quite the opposite), but no single rule like that will protect you from every kind of malicious content on the internet.
I read an article a few days ago that got me thinking, and that thinking is what led to this post. The original article is on Ars Technica under the headline Attack for Flash 0day goes live in popular exploit kit.
A few definitions before I continue. First is the term 0day or zero day. This refers to something that was previously unknown to the general public, especially in the sense of computer security. A 0day exploit takes advantage of a security problem that the software vendor (in this case Adobe, because it’s their product Flash that’s being discussed) hasn’t learned about and patched yet. The criminals who want to compromise your computer use 0day bugs to craft software that infects or takes over your machine. Once software companies and anti-virus vendors become aware of both the vulnerability and the malware that exploits it, they can ship updates that protect the people who receive them. For this reason, it’s always a good idea to keep your software up to date and to run anti-virus software that regularly updates its ability to detect new malware.
The second term that helps to understand is “exploit kit.” Just as you can download software to help you get productive things done, like writing a document, people who want to compromise your computer and the information on it can buy and download a software package that speeds up the production of malware. They don’t have to do the heavy lifting of writing the next program that breaks into your computer or steals your information; they buy a package that helps them piece it together quickly. That package also gets updated. With 0day exploits. See where this is going?
So … how does malware get onto your computer? Here’s one possible way (and this does actually happen). A web page with moderate traffic gets hacked. The hacked page has some of its embedded Flash content modified to take advantage of a 0day exploit. You happen to visit that page while you have a vulnerable version of Flash installed (which might be the latest, fully updated version of Flash; it just hasn’t been patched yet because Adobe didn’t know it needed to be). When the page loads the Flash object, it triggers the exploit, which downloads a program to your computer, runs it, and installs malware in the background. Once that program is running it can monitor your internet traffic, copy your passwords as you type them, target you with all kinds of unwanted ads in your web browser, or use your computer to send out spam for a spammer. All because you visited a web page that would normally have been safe. It doesn’t have to be a site full of questionable material like porn or illegal downloads of music, movies, or software.
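The chain described above (a Flash object loads, and moments later an executable is pulled down and run) leaves a footprint in ordinary web proxy logs, and that is where a defender can look for it. The script below is an added example written for this post, not code from the original article or from any product it mentions. The log format (timestamp, client address, host, path, content type) and the sample lines are constructed for illustration; a real proxy will need its own parser, and the 60-second window and content-type lists are assumptions to tune, not fixed rules.

```python
"""Flag drive-by-download candidates in proxy logs: an executable fetched
within a short window after the same client loaded a Flash object.

Sample log lines below are constructed for this example; they are not real
traffic. The log format itself is an assumption."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: timestamp, client, host, path, content-type (space separated).
SAMPLE_LOG = """\
2015-01-22T10:15:01 192.0.2.10 www.example-news.test /player.swf application/x-shockwave-flash
2015-01-22T10:15:04 192.0.2.10 cdn.example-ads.test /ad.swf application/x-shockwave-flash
2015-01-22T10:15:09 192.0.2.10 update.example-bad.test /tmp/svc.exe application/x-msdownload
2015-01-22T10:20:00 192.0.2.11 www.example-news.test /index.html text/html
2015-01-22T10:21:30 192.0.2.11 download.example-vendor.test /setup.exe application/x-msdownload
2015-01-22T11:00:00 192.0.2.12 www.example-news.test /player.swf application/x-shockwave-flash
2015-01-22T11:30:00 192.0.2.12 files.example-vendor.test /tool.exe application/x-msdownload
"""

# Content types treated as "Flash object" and "Windows executable" (assumed lists).
FLASH_TYPES = {"application/x-shockwave-flash"}
EXE_TYPES = {"application/x-msdownload", "application/x-dosexec", "application/octet-stream"}


def parse_line(line):
    """Split one constructed-format log line into a dict with a datetime timestamp."""
    ts, client, host, path, ctype = line.split()
    return {"ts": datetime.fromisoformat(ts), "client": client,
            "host": host, "path": path, "ctype": ctype}


def is_flash(ev):
    return ev["ctype"] in FLASH_TYPES or ev["path"].lower().endswith(".swf")


def is_executable(ev):
    return ev["ctype"] in EXE_TYPES or ev["path"].lower().endswith(".exe")


def find_driveby_candidates(log_text, window_seconds=60):
    """Return one alert per client for each executable download that follows a
    Flash load by that client within window_seconds. Other clients' traffic is
    never mixed in, and Flash loads older than the window are dropped."""
    window = timedelta(seconds=window_seconds)
    events_by_client = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ev = parse_line(line)
            events_by_client[ev["client"]].append(ev)

    alerts = []
    for client, events in events_by_client.items():
        events.sort(key=lambda e: e["ts"])
        recent_flash = []  # Flash loads still inside the window for this client
        for ev in events:
            # Forget Flash loads that are now too old to matter.
            recent_flash = [f for f in recent_flash if ev["ts"] - f["ts"] <= window]
            if is_flash(ev):
                recent_flash.append(ev)
            elif is_executable(ev) and recent_flash:
                first = recent_flash[0]  # earliest Flash load still in the window
                alerts.append({
                    "client": client,
                    "flash_host": first["host"],
                    "exe_host": ev["host"],
                    "exe_path": ev["path"],
                    "seconds_after_flash": int((ev["ts"] - first["ts"]).total_seconds()),
                    "different_host": first["host"] != ev["host"],
                })
    return alerts


if __name__ == "__main__":
    for alert in find_driveby_candidates(SAMPLE_LOG):
        print(alert)
```

In the constructed sample only client 192.0.2.10 trips the heuristic: it loads two Flash objects and eight seconds later fetches an executable from a third host. Client 192.0.2.11 downloads an installer with no Flash load in front of it, and 192.0.2.12 fetched its executable half an hour after the Flash load, so both stay quiet at the default window. The "different_host" field is recorded rather than required, because the hacked page in the scenario above could just as easily serve the payload itself; it is there to help an analyst prioritise, not to filter.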
This is just one of many possible scenarios. These 0day exploits (and any other unpatched vulnerability on your computer) can be reached through web browsers, add-ons like Java and Flash, Microsoft Windows and other operating systems, your email program, and many other common software programs. It certainly helps to keep your operating system (i.e. Windows) up to date, software like Java and Flash up to date, and your anti-virus software up to date. It also helps to stay away from questionable web sites that circulate things like pirated movies, music, and software. And those pop-ups that offer to speed up your PC and fix 5,384 viruses on your computer don’t help either.
Hopefully the information here at least answers part of the question of how malware and viruses could have gotten onto your computer. There is no bulletproof way to keep malware off your computer, but we’re firm believers that a good anti-virus program helps the fight. We’ve been using Avast Internet Security in house for a while now, so if you’re looking for a solid solution it is definitely a good option. Using this link will get you 20% off your purchase.