Methods of Infection
P2P wreaks havoc
Almost all spyware and adware comes bundled with popular free programs and with most peer-to-peer clients such as Kazaa, Bearshare, Grokster, LimeWire and Morpheus. They install malware on your computer as part of the P2P installation process. Cydoor, New.net, TopText, SaveNow, Webhancer, VX2, CommonName, GetNet/ClearSearch, IncrediFind and OnFlow are a few of the applications installed this way; they may serve up ad banners and ad messages, or track your Internet surfing habits. Unfortunately, the makers of the host programs try not to advertise their programs' hidden payloads. Reading the licensing agreement (carefully) during installation will often reveal embedded licenses for the piggybacking adware.
Spyware for FREE, any takers?
Sometimes an application that claims to be free also installs a secondary program. This secondary program then monitors your surfing habits and reports them back to a central database. When the user removes the installed application, a component of the program remains behind; the next time the user connects to the Internet, this component re-downloads the remainder of the program and reinstalls it.
What are Drive-by-Downloads?
In another scenario you visit a website that pops up a window with a message such as "in order to properly view this website you must install this program". An FTP or HTTP GET request then downloads the software onto the client machine. The user performs the installation, and during it is asked for permission to install the malware along with the software. Malware may also be installed simply by visiting a website whose sole purpose is to drop spyware onto the client: the installer is embedded within the web page, and ActiveX (a Microsoft technology) is used to install the malware on the client, generally as a browser plug-in. ActiveX is a mechanism that allows applications to run within other applications. Installed this way, the malware runs every time the browser is opened.
ActiveX is Microsoft's answer to the Java technology created by Sun Microsystems and is roughly equivalent to a Java applet. The main thing that you create when writing a program to run in the ActiveX environment is a component, a self-sufficient program that can be run anywhere on your web page. This component, or ActiveX control, could be anything from a scrolling marquee to an animation that is seen on the web page. It could also be an area where the visitor enters information about himself or his credit card. ActiveX is useful in marketing because it can be used to make web pages much more interesting as well as efficient and effective. (Source: http://www.upstreamcio.com/glossary.asp)
Another common way malware gets onto an unprotected system is through visiting a site in Internet Explorer that displays an advertisement or misleading download link you have to click on to continue. Clicking it lets the site install one or more programs on your computer without asking any further permission. These are sometimes referred to as 'Drive-by Downloads'.
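One defender-side check that follows from the browser plug-in mechanism described above, added here as an example that is not part of the original article: a Python script that parses the text output of `reg export` for the Browser Helper Objects key, resolves each helper's DLL through its CLSID, and reports whether the CLSID carries the ActiveX kill bit (Compatibility Flags 0x400). The registry key names and the kill-bit value are real; the sample export, its CLSIDs and paths, and the trusted-directory heuristic are constructed assumptions for this example.

```python
# Constructed sample in `reg export` text format; CLSIDs, names and paths are
# made up for this example and are not real indicators.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}]
[HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\Program Files\\ExampleBar\\examplebar.dll"
[HKEY_CLASSES_ROOT\CLSID\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}\InprocServer32]
@="C:\\Documents and Settings\\user\\Local Settings\\Temp\\helper.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11111111-2222-3333-4444-555555555555}]
"Compatibility Flags"=dword:00000400
"""
BHO_KEY = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\"
COMPAT_KEY = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\"
KILL_BIT = 0x400  # Compatibility Flags bit: IE refuses to instantiate the control from a web page
TRUSTED_DIRS = ("c:\\program files\\", "c:\\windows\\")  # heuristic allow-list (assumption), tune per environment

def parse_reg(text):
    """Parse .reg export text into {key: {value_name: value}}; '@' is the key's default value."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and "=" in line:
            name, _, raw = line.partition("=")
            name = name.strip('"')  # leaves '@' untouched
            if raw.startswith("dword:"):
                keys[current][name] = int(raw[6:], 16)
            else:  # REG_SZ: quoted, with backslashes doubled in the export
                keys[current][name] = raw.strip('"').replace("\\\\", "\\")
    return keys

def audit_bhos(text):
    """Report every registered BHO (loaded each time IE starts): its DLL, kill bit and a review flag.
    'review' is a heuristic: no server DLL registered, or a DLL outside the trusted directories."""
    keys = parse_reg(text)
    report = []
    for key in keys:
        if not key.startswith(BHO_KEY):
            continue
        clsid = key[len(BHO_KEY):]
        dll = keys.get("HKEY_CLASSES_ROOT\\CLSID\\" + clsid + "\\InprocServer32", {}).get("@")
        flags = keys.get(COMPAT_KEY + clsid, {}).get("Compatibility Flags", 0)
        report.append({"clsid": clsid, "dll": dll, "kill_bit": bool(flags & KILL_BIT),
                       "review": dll is None or not dll.lower().startswith(TRUSTED_DIRS)})
    return report

print(audit_bhos(SAMPLE_REG))
```

On a real machine, feed the script the concatenated output of `reg export` for the three keys above instead of the constructed sample.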
The Vulnerability route
Another method of "infection" is through exploiting security holes in Internet Explorer. Even if a user doesn't click on anything on a web page, a malicious site can deliver its payload of malware. CoolWebSearch, one of the most notorious pests in recent times, is suspected to be installed by pop-ups exploiting security holes in IE. Merijn Bellekom has fully documented the metamorphosis of CoolWebSearch in his CoolWebSearch Chronicles.
Many dialer programs use hidden windows. After a carrier software package masquerading as a useful program, such as a free game or a screensaver, has been installed, the next time the user opens the web browser the dialer application opens in a new hidden window, turns off the sound on the user's computer and calls a phone number without the user's permission.
On the other hand, Trojans can be spread in the guise of literally ANYTHING people find desirable, such as a free game, movie, song, etc. Victims typically download a Trojan from a web archive, get it via peer-to-peer file exchange (IRC, instant messaging, Kazaa and the like), or simply open some email attachment carelessly. Trojans usually do their damage silently. The first sign of trouble is often when others tell you that you are attacking them or trying to infect them!
Viruses enter your system via e-mail, downloads, infected floppy disks, or (occasionally) hacking. You get a virus when you copy infected files to your computer, then activate the code inside by running the infected application or opening an infected document.