5 ways malware can infect your PC

How-to
By Michael Graw
published

Defending against malware starts with knowing how your computer can be infected

Magnifying glass enlarging the word 'malware' in computer machine code
(Image credit: Shutterstock)

Malware attacks are on the rise, which means every PC owner needs to be on the lookout for threats. The first thing you can do to defend yourself is to know how malware makes its way onto computers in the first place. We’ll take a look at the five most common ways malware can infect your PC.

Perimeter 81 is one of TechRadar's choices for the best SWG providers

Perimeter 81 is one of TechRadar's choices for the best SWG providers

Protect your employees and network from web-based attacks with a Secure Web Gateway. Filter out malicious threats. Monitor all employee activity. Streamline compliance. Secure your entire workforce, whether on-prem or remote with Perimeter 81. Deploy in minutes. Start now.

View Deal

1. Phishing emails

Phishing emails are messages sent by malicious actors trying to trick you into taking a specific action. Phishing is frequently targeted at employees of large businesses. A hacker posing as a supervisor or executive can potentially trick an employee into giving up their passwords, thus giving a bad actor access to the company’s network.

However, phishing emails can also be directed at individuals as a way to get them to download malware onto their devices. These emails may contain a link or an attachment that automatically downloads malware when clicked on.

The best defense against phishing emails is to be on guard when checking your inbox. Never click on links or attachments in emails from a sender you don’t know.

Unfortunately, attackers can also impersonate someone you trust, like a friend or colleague. If anything about an email seems suspicious, such as pressure to open a link or receiving a document you never asked for, contact the sender directly to confirm if they really sent the email.

2. Connected devices

Storage devices like USB drives, external hard drives, and SD cards can all harbor malware. Once an infected device is plugged into a new PC, it can easily jump from the external drive to the computer. The transfer is usually very fast and invisible, so you probably won’t realize your computer has been infected.

You could simply avoid peripheral devices altogether, but this isn’t practical for most people. Instead, a good practice is to only plug in USB devices that you trust or know where they were previously used. If you have an external hard drive that you use for your files, use it only for your computer and avoid plugging it into other devices.

Another option is to use Windows Defender to automatically scan connected devices after they’re plugged in and before they fully connect to your system. This requires making changes to your Windows Registry. Here are the steps:

  • Open Windows Search and enter “Regedit”, then open the registry editor
  • Use the address bar to navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender
  • Right-click Windows Defender and select New > Key. Set the name of the key to Scan
  • Right-click on the Scan key and select New > 32-bit DWORD. Set the name of the DWORD to DisableRemovableDriveScanning
  • Double-click the DWORD and set the value to zero

Now, every time you plug in a USB-connected device, Windows Defender will automatically scan it for malware.

3. Malicious websites

Visiting an infected website is one of the most common ways malware can get onto your computer. Most malicious websites are spoofed versions of real websites. They may have a similar domain name, with just one letter changed to fool you. They may also look very similar to the real website that they’re mimicking and encourage you to download malware by clicking on a link.

Malware can also come from legitimate websites that have been compromised. In many cases, the site’s owner may not realize the website is infected, and any device that connects to the site could potentially become infected.

The good news is that most modern browsers have built-in databases of malicious websites, which will automatically prevent you from connecting. However, this only helps if the website you’re trying to visit is known to be malicious.

A more comprehensive way to defend against malicious websites is to use a secure web gateway (SWG), like Perimeter 81.

An SWG automatically analyzes every website you connect to for suspicious traffic and automatically blocks the connection if a site may be carrying malware. An SWG also limits what types of data can be transferred to and from your computer, potentially preventing executable malware from being downloaded without your knowledge.

4. Compromised software

Unfortunately, not every piece of software is coded perfectly to lock out attackers. The software can have openings in its code that hackers can exploit, and anyone with this software on their computer may be vulnerable. This is why major hacks like the Sunburst attack and the Log4j attack can affect so many companies at the same time.

Software providers typically begin working on a patch as soon as they discover their code is vulnerable to attack. This patch is usually released in the form of a software update. You’ll only be protected if you install the update.

So, it’s a good idea to enable the software on your computer to check for automatic updates. You may also want to perform your own manual check for updates for all of your software, including your operating system, every few months. If updates are available, install them right away.

Another thing to remember is that it could be months from the first exploitation and spread of malware to when the software provider discovers the attack. This is a key reason why you should run antivirus software on your computer. Even if you don’t know how a piece of malware made its way onto your system, your antivirus software can quarantine it and prevent it from causing damage.

5. Peer-to-peer downloads

Peer-to-peer file-sharing systems, including torrents, are often used as a way to download music, games, books, and more. Unfortunately, file-sharing sites present a tremendous opportunity for malicious actors to spread malware. It’s very difficult to know whether the file you’re downloading is really a new song, a piece of malware, or both.

Even antivirus software can’t scan a shared file for malware before you download it and potentially infect your system. Many people who use torrent sites choose to download shared files to an older computer they don’t mind infecting, then run antivirus software to scan each file before transferring it to a newer device.

Alternatively, you can use the built-in sandbox feature in Windows Defender. This enables you to download files to an isolated environment where they can be inspected for malware before interacting with the rest of your system.

Conclusion

Malware can make its way onto your computer through phishing emails, connected USB devices, malicious websites, compromised software, and peer-to-peer downloads. It’s up to you to be proactive and avoid downloading malware in the first place. You should always run antivirus software so that you can detect any malware on your system and prevent it from causing damage.

Michael Graw
Michael Graw

Michael Graw is a freelance journalist and photographer based in Bellingham, Washington. His interests span a wide range from business technology to finance to creative media, with a focus on new technology and emerging trends. Michael's work has been published in TechRadar, Tom's Guide, Business Insider, Fast Company, Salon, and Harvard Business Review.