How did that computer get infected? Not the way you think!

When a computer is infected with a virus today, many IT support technicians assume the user contracted that infection as a result of visiting a pornographic web site.  In fact, that represents a small percentage of the infections that are occurring with the current generation of malware.  That was a much more common infection vector in years past, but not so much in 2013.

Before going into a list of ways a computer can become infected, it may be productive to state the obvious -- no rational computer user deliberately sets out to do anything that will lead to a virus infection on their computer.  Some may engage in what they know is risky behavior, but will usually heed a warning that clicking on a link or downloading a file may cause their computer to become infected.

So, how are computers most likely to become infected today?  It is indeed through web sites, but not the ones that are considered to be "high-risk."  Those traditionally risky sites include pornographic, peer-to-peer file-sharing, gambling, and pharmaceutical sites.  While there is still some risk associated with visiting those sites, those represent a small fraction of the actual sources of infection today.

By far the most common sites to spread malware are legitimate ones that have been hacked and compromised by the producers of malware.  These include Fortune 500 companies, news media, television networks, and many small-business or personal web sites.  Many of these are easy pickings for the bad guys.  In a disturbing twist, a recent analysis by a major security software vendor revealed that you are 4 times more likely to become infected by visiting a church or religious site than a porn site!

Another recent study found that some 75% of the 100 most-visited web sites had been infected.  Most users trust these sites, because they belong to reputable companies and, in many cases, the user has actually typed in the URL instead of clicking on a link in an e-mail message.  Or they may have clicked on a link in a search engine result, from a search they initiated.  Most users don't associate any risk with visiting these sites.

As for search engines, malware authors employ various techniques to make their infected links show up high in the results.  This is true of any search, but much of their effort is directed at searches for celebrities, nude photos, and breaking-news headlines.  Users need to pay particular attention before clicking on any of those links.

Making the threat worse is the fact that a high percentage of malware now operates "behind the scenes" on web pages, using programming languages and tools such as Java and Flash.  Many of these programs have known vulnerabilities that are exploited by malware to infect systems that have not been properly updated.  This type of attack avoids detection by most anti-virus programs and thus requires additional protective measures to prevent infection.

A related source of infection is what's known as "drive-by downloads."  These are malicious programs that infect a computer without the user doing anything to invite them.  In some cases they will be downloaded as soon as an infected web site is accessed; in most cases the user sees no indication that a file is being downloaded.

The remaining infection vectors fall into the traditional categories, namely e-mail, social media, and external media such as thumb drives.  Even so, most of these involve directing the unsuspecting user to click on a link or download a file.  So the cautions outlined above apply equally to these additional types of exposure.

How, then, to protect a computer against all of the modern-day threats?  Clearly, the days of trusting an anti-virus program to provide all the necessary protection are long gone.  While it's still vitally important to have an anti-virus program protecting every computer, several additional elements are required in order to be adequately protected. Here is a summary of the minimum requirements:

  • Internet Security suite, including firewall, possibly parental controls, and malicious web site blocking
  • Spam filtering of incoming e-mail
  • Windows Updates applied automatically
  • Other ancillary software updated automatically

If all of these protections are in place and maintained on a given computer, it is far less likely to become infected than others in the same environment that are missing one or more of these pieces.