How did I get a computer virus (malware)?

In the past, computers were not designed to be secure. Machines were simple and not networked. To make things easier on the user, programmers allowed most of the system to be “open access” to just let things work. Now, the systems are highly complex and networked. Open access is not an option as people value their data and privacy. The problem is that some of the old bad practices of “open access” and “ease of use” have stuck around. Also, programmers make mistakes and sometimes have written code that works but doesn’t do what it is supposed to do when something unexpected happens. This is called an exploit and these flaws are commonly used to gain control over a computer.

Computer Malware is not randomly generated code. A person wrote the malware with the ability to run on a computer. While there are a few other ways to get a computer virus, these are probably the most common methods I see today.

1. Viruses can spread by storage media like CD/DVDs, hard drives, and flash “thumb” drives.
An example of this would be plugging in a flash drive or removable hard drive with an “Autoruns” virus on it. As soon as the system sees this code, it automatically runs what it’s told.
This is an exploit of the Operating System’s trust of the physical hardware plugged into the computer.

 

2. Trojans pretend to be something they are not but usually have other intent or purpose.
“AntiVirus 2009” may show fake alerts and pop-ups about problems that really don’t exist. Another example would be downloading something CLAIMING to be Adobe Flash but really being a Trojan/Virus.
This is an exploit of the user’s trust in what the user sees.

 

3. Worms tend to automatically spread by network connections (internet).
These are spread by email, by exploiting program flaws on computers, and social networking sites like Facebook.
These worms exploit the user’s trust and flaws in the Operating System/Software in order to spread.

Here you can see the main security concerns are exploits and trust. The Operating System and Software trusts the input it gets is valid. Once the input becomes invalid, the unexpected result allows the malicious programmer’s instructions to take over. The other side is in the user. If the user is tricked into believing fake information or downloading and running a bad program, that program is given full access to the computer. A combination attack could trick a user into visiting a bad site or email that exploits flaws in the software on the computer.