Malware can spread in many different ways. This blog will explain most of the different methods and how they are used.
The World Wide Web
The World Wide Web is used in a number of ways to spread malware and infect vulnerable people. One of the most common techniques is to trick the user into downloading and running a piece of software that appears to be from a legitimate source/company, but is actually rigged with malware. This type of malware is known as a trojan horse, but the techniques used to encourage the user to actually download and run the malware is called phishing. Websites that offer pirated software/files such as The Pirate Bay often host these trojan horses, because criminals will upload their malware onto the site, bundled with other pirated content, making it easy for criminals to infect those who download illegal / pirated content.
Another method of spreading malware via the World Wide Web is through comprising websites. This is where hackers modify a webpage to contain malicious resources by exploiting vulnerabilities in the website. Usually the malicious resources / content is hosted on an external site owned and controlled by the hackers. They comprimise iFrames to display their malicious resources onto the webpage, resulting in the victim being infected by the malware.
USB / Removable Devices
Some devices require your computer to boot off them in order to function properly and unfortunately malware authors use this to their advantage. Malware uses your USB as a way to transfer itself onto other computers. Weirdly enough, if you have the correct knowledge on how to find hidden / protected files, then it should be pretty easy to find USB infections. Files like ‘autorun.inf’ or ‘konboot.gz’ are often used by malware to spread themselves onto other machines. Such methods of spreading are only really utilised by viruses or worms, but occasionally you may see a piece of ransomware use this aswell.
Network / Internet Connections
Network worms, rootkits and even sometimes ransomware will arrive and infect your computer via internet connections. The malware is sent to you through packets that evade Firewalls and network protection. They can also spread via local connections and wireless connections making them sneaky and hidden to the user. Malware can also be spread to systems via shared / public folders on the network.
I don’t really know a lot about how network traffic works, so this section is not explained very well.
Compromised Windows Updates / Windows Activation
If you own a pirated / cracked copy of Windows, you may be infected with malware, as the people who host the servers to “activate” your cracked copy of Windows may install malware into your system through a trojan backdoor. Moreover, they might even inject malware right into your Windows Update, allowing them to gather your documents and personal information. Many services /companies that host Windows Activation servers have been notorious for doing this.
Malware authors send unwanted emails (spam) to try to trick users into running malware. This malware can even be hidden in the email itself, so viewing previewing or even just loading the subject of the email may infect the user. Fortunately, many email providers have filters and protection against this, but you cannot guarantee that every threat will be blocked. Never open unexpected emails or emails from someone you don’t trust.
Malware authors can also send emails using someone elses email address via Outlook Express on Windows PCs. Outlook Express has had countless vulnerabilities in it’s history and I do not recommend using it. Nor do I recommend using any operating system older than Windows 7.
If I missed out any other methods, please tell me here.
I did a bit of research on malware before I wrote this blog post. If you are wondering, I watched a Pluralsight course called “Ethical Hacking: Malware Threats” by Dale Meredith.
I highly recommend starting that course 🙂