6 common sources of malware

1. Email attachments

You probably receive many emails every day. Some are from people you know and trust, and some are from strangers or some companies. Along with letters, attachments may come: files that you can open, download, or simply view. For example, documents or videos.

But these attachments may contain malware. They are triggered when you save a file to your computer and open it.

Therefore, be careful with letters from unknown senders. Attachments with unusual extensions look especially suspicious. For example, a picture or document definitely cannot have BAT and EXE extensions: these are found only in executable files.

And also use trusted email providers like Gmail or Outlook: they automatically scan attachments for viruses. And if you do download a dubious file, check it using the VirusTotal service before launching.

VirusTotal →

2. Fake websites

Phishing pages often imitate real popular resources to trick users into entering their personal information and passwords into fraudulent fields or downloading malicious software. They may not only have a similar design and logo, but also a domain name that differs from the original by just one letter or symbol.

Therefore, always pay attention to the address bar of your browser and check the URL carefully. If you have any doubts about the authenticity of a resource, do not trust it with your data. When entering personal or financial information, make sure that the site uses a secure connection (https). This will be indicated by the lock icon at the very beginning of the address bar.

Also, always update your browser. Chrome, Firefox, and Edge are good at recognizing phishing sites and alerting you if you visit one. Do not ignore this warning.

3. Downloaded Software

Downloading software from untrusted sources can lead to infection of your device. The fact is that it may contain malicious applications or unwanted additional components. Therefore, do not download anything from sites offering “free” or “cracked” versions of programs.

Even free applications should not be downloaded from various software archives with names like Free Software, Free Soft, Soft Base, Soft Portal, and so on. Download installation files only from official websites or from the Google Play store for Android or the App Store for iOS if you are using a mobile device.

And if you still need a program downloaded from a file hosting service, run it in the virtual operating system installed in VirtualBox.

Finally, even if you downloaded the installer from a trusted site, take a closer look at what checkboxes are checked during installation. Sometimes even programs from completely official manufacturers try to replace your home page, search engine, browser, or even install an unsolicited antivirus. Unchecky will help you stop this behavior.

Download Unchecky →

4. Torrents

Torrents allow you to download files (games, movies, music, etc.) directly from other users. In general, downloading them in itself is quite legal: using this protocol you can officially download Linux distributions or transfer large volumes data faster than through the cloud or email.

But often files in torrents can be modified and contain malicious software. This is especially true for distributions with unlicensed software. Trying to install a hacked graphic editor or office suite according to the “instructions” provided by the hacker, the user will disable the antivirus and grant administrator rights to the malicious file.

To avoid this, purchase programs on their official websites or use free alternatives. And avoid files with suspicious extensions.

Before downloading a torrent, pay attention to the comments and reviews of other users. If many people complain about the suspicious behavior of a file or the presence of viruses, it is better to refuse to download it. In addition, if a torrent has few seeds (distributing) or licks (downloading), you should not download it either.

5. Removable devices

Malware can come from flash drives, external hard drives, as well as CDs and DVDs—yes, some people still use optical media. If the device was connected to an infected computer, it may contain malware that will automatically launch when connected to another device.

So if you find a flash drive, don't insert it into your computer until you're sure it's safe. It is best to check the content on a PC that is not connected to the Internet, with Linux or macOS on board.

Disable AutoPlay: This feature automatically launches programs or opens files from a removable device when it is connected. To do this, click “Options” → “Devices” → “Autorun” and toggle the toggle switch next to “Use autorun for all media and devices.”

If you still need to open a file or run a program from an unfamiliar removable device, you should check it using an anti-virus scanner, for example ESET Online Scanner, Dr. Web CureIt! or Norton Power Eraser.

6. Old software

Old software that hasn't been updated in a while may contain vulnerabilities that could allow hackers to inject malicious code or gain unauthorized access to the system. Simply put, owners of the Windows 7 or 8 operating system will be much more likely to be attacked by viruses and ransomware than users of Windows 10 and 11, because the latter have security holes quickly patched up.

Therefore, make sure that your operating system and all installed programs are updated regularly. Turn on automatic updates wherever possible, and never turn them off.

If you do not use any application for a long time, it is better to delete it. This will reduce the number of potential entry points for attacks. Also avoid pirated software. It often contains malware or may be more vulnerable due to a lack of official updates.