Exploring Information Security

Securing the Future - A Journey into Cybersecurity Exploration

How did I get infected with malware?

May 18, 2015

The question

“How did I get infected with malware?” is a question I get asked quite often in my day job when I am investigating a machine with a malware infection. The answer usually comes down to, “It is not your fault, you are on the internet and these things happen.” Sure, some sites are more risky than others. Go off the beaten path and there is an increased risk that viruses, trojans, cryptolocker, spyware, and all sorts of icky things will make their way onto a computer. The reality is that malware can make its way onto a computer from just about anywhere. Two examples of legitimate websites passing out malware are Forbes and celebrity chef Jamie Oliver’s website, and the same goes for really any other site running advertisements.

Some websites are running platforms and applications with unpatched security flaws or running advertisements that have not been properly vetted by the advertising agency. Both of these security shortcomings on websites can lead to computer infections that happen behind the scenes and undetected.

What can be done?

Keep your computer up-to-date, install EMET, and implement some safe browsing tools.

To keep your computer up-to-date, use Secunia's Personal Software Inspector (PSI). It's free, it's easy to use, and it keeps your programs up-to-date with the latest patches.

Install the Enhanced Mitigation Experience Toolkit (EMET) from Microsoft. It's free, it's easy to use, and it protects your computer from nasty things.

Enable Click-to-Play on your browsers. Easy to implement, but a little more annoying to use. Essentially, you choose when applications like Flash play, so nothing runs that you don't want to run in your browser. Yes, it's a little more annoying to browse the web, but comes with the benefit of improved load times. It's not going to suck up bandwidth if it can't run.

If you need help or want a further explanation of any of these tools, or if you want more, leave a comment or email me at timothy.deblock[at]gmail.com.

This post first appeared on Exploring Information Security.

In Technology Tags infosec, internet, malware, defense, tools