
How exactly does malware infect you when you browse suspicious sites?


Wermut


Hello everybody,

I just wiped my system after I found out it had been hopelessly compromised.

Now I want to understand how exactly the infection occurred in the first place.

My setup is as follows:

- Windows 7 Home, always updated

- no password (because of UAC this should not be a problem)

- Microsoft Security Essentials as Antivirus

- Opera for internet browsing

I never open executable files when I am not sure they are clean.

However, I often surf very suspicious sites related to filesharing services. I am quite sure that the infection occurred somehow along these lines.

Now my question is: What exactly is the point of entrance for malware when you only browse "dangerous" sites? What settings do I need to change to avert this risk?

Regards,

Wermut

Link to post

Changing the settings between one's ears aside (I have to check suspicious links for another forum I belong to) ...

I use:

ESET smart security 5

trafficlight (by bitdefender)

WOT

FF (13b1)

ESET is set to check everything coming in and going out, block known bad URLs, etc.

trafficlight and WOT perform site/URL blocking (added security).

I have had all four block or "flag" a site/URL or individually catch "something" before any damage was/is done.

I download stuff to a dedicated folder and then scan it again.

However ... filesharing sites as well as the "products" available have a higher chance of being infected.

*something* about going to a house of "ill repute" to read the newspaper ; sooner or later ... ;):lol:

Link to post

However, I often surf very suspicious sites related to filesharing services. I am quite sure that the infection occurred somehow along these lines.

Now my question is: What exactly is the point of entrance for malware when you only browse "dangerous" sites? What settings do I need to change to avert this risk?

What sites?

There are numerous ways malware can be pushed to your PC. Some can use exploit code, some systems will serve up a legitimate application that had been repackaged with a trojan or two. Some files are outright frauds saying they install application X when they install something completely different.

In short, STAY AWAY from so-called file sharing sites unless you have a trusted friend who specifically points you to a particular file.

A perfect example site was FileAve.Com. It does not exist anymore BECAUSE it was used maliciously without the site owner taking the proper measures and precautions. Another example is DropBox. The amount of malware served up by them is beginning to reach a point where they may too be a target of a takedown action.

Link to post

I use MSE with Mbam paid, a hefty HOSTS file, and I keep all plugins and programs updated, and surf safely, of course. To date, I've never had a problem. I also (primarily) use Opera.

Link to post

I agree completely with everything David said above. You really have to be cautious where you browse these days. Though even known legitimate/safe sites can be hacked/compromised, it happens far less frequently than with the riskier parts of the internet.

Beyond that, also keep in mind that with the growing popularity of Windows 7, malware is now frequently being designed to bypass UAC, either by using exploits, as David describes above, or simply silently running executables which install infections in such a way that they do not require UAC elevation, for example writing to the HKCU reg keys instead of HKLM and saving their files to your user account's data folders instead of those for all users and instead of saving them in the Windows folder.

Also keep in mind that Malwarebytes Anti-Malware PRO is extremely effective against the latest, nastiest threats thanks to our excellent team of dedicated Researchers who are not only out hunting for samples of new threats on their own, but also have the help of dedicated, hard working volunteers from throughout the security community who take the time to provide us with samples of new infections as they themselves discover them (David, who posted above is one of those dedicated individuals).

Also, with our malicious website blocking mechanism, we can frequently block the sources of infections, so even if a threat is unknown to our scanner, the source of it may be blocked, preventing the infection from ever getting to your system. It's great for stopping things like injected code from other websites injected into safe websites and for blocking malvertisements (malicious advertisements which load malware on safe sites) and all sorts of other badness.

I'd recommend you give Malwarebytes a try if you haven't already as we do offer a free 14 day trial which can be activated at any time via the Protection tab and I know for a fact that Malwarebytes does not conflict with Microsoft Security Essentials as that's the antivirus I use myself.

There are other measures you can take to protect yourself as well, such as keeping Windows up to date along with other software you have installed on your system, such as all Adobe products (Flash, Reader etc.) as well as Java and Office if you have them installed.

Some great tips on keeping your system clean may be found here.

Link to post
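
An added example, not part of the original post and not Malwarebytes code, illustrating the point above about infections that write to HKCU keys and save their files in the user's own data folders: it parses `reg query` output for a per-user autostart key and lists entries whose target lies inside the user profile. The choice of the `Run` key as the HKCU location, the sample output, the value names, the paths and the `ENV` mapping are all constructed assumptions.

```python
import re

# Constructed sample of `reg query` output for the current user's Run key
# (value names and paths are made up for illustration).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Sidebar    REG_EXPAND_SZ    %ProgramFiles%\Windows Sidebar\sidebar.exe /autoRun
    Opera Update    REG_SZ    "C:\Program Files\Opera\launcher.exe" --scheduledautoupdate
    msupd32    REG_SZ    C:\Users\alice\AppData\Roaming\msupd32\svch0st.exe
    Sync Helper    REG_SZ    "%LOCALAPPDATA%\Temp\sync helper.exe" -q
"""

# Constructed environment so %VAR% references can be expanded offline.
ENV = {
    "programfiles": r"C:\Program Files",
    "localappdata": r"C:\Users\alice\AppData\Local",
    "appdata": r"C:\Users\alice\AppData\Roaming",
    "userprofile": r"C:\Users\alice",
}

VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_(?:EXPAND_)?SZ)\s{4}(?P<data>.+)$")

def expand(data, env):
    """Expand %VAR% case-insensitively; unknown variables are left untouched."""
    return re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).lower(), m.group(0)), data)

def command_path(data):
    """Extract the executable path: the quoted part, or text up to the first known extension."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|vbs|js|dll))(?:\s|$)", data, re.I)
    return m.group(1) if m else data.split(" ", 1)[0]

def user_writable_autoruns(reg_text, env):
    """Return (value name, path) for autostart targets located inside the user profile."""
    profile = env["userprofile"].lower().rstrip("\\") + "\\"
    hits = []
    for line in reg_text.splitlines():
        m = VALUE_LINE.match(line)
        path = command_path(expand(m.group("data"), env)) if m else ""
        if path.lower().startswith(profile):
            hits.append((m.group("name"), path))
    return hits

if __name__ == "__main__":
    for name, path in user_writable_autoruns(SAMPLE, ENV):
        print(f"review: {name!r} -> {path}")
```

A hit is a prompt for review rather than a verdict, since some legitimate software also installs per-user under the profile.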

Guest Seagull

The first most important thing you can do is make sure all your software and windows are updated.

Second would be to install an Anti-Virus, but an Anti-Virus is only as good as its updates and if it's configured properly. I see this on so many machines: people have an Anti-Virus and they install it and leave it on all the defaults. You can significantly increase your protection if you configure your Anti-Virus properly. It doesn't matter which Anti-Virus you use; every Anti-Virus has advanced settings to further increase its protection, but this can also increase False Positives, not saying it will but it is possible.

I personally use Kaspersky Internet Security 2012 and Malwarebytes PRO and I never had an infection with this combo, the same with using ESET Smart Security 5 and Malwarebytes PRO. Both Kaspersky and ESET have some really nice advanced settings to make it extremely difficult for Malware to enter your system. Also using a browser other than Internet Explorer (which you are) can help too, since Internet Explorer is more widely attacked.

I hope this helps. :)

Link to post