How To

8 Ways to Accidentally Infect Your Friends with Malware

Posted on May 1st, 2013 by


A lot has been said over the years about the best ways to protect your machine from attacks and malicious code. But where do those recommendations intersect with ways to protect your friends from attacks? By failing to protect your own data, you’re sometimes putting them at risk as well. Here are a few ways people end up mindlessly spreading the malware love.

1. Neglect to Scan That File Before You Share It

That spreadsheet you shared with your friends to organize a summer beach trip could end up bringing with it some unexpected cooties. But a quick once-over with an up-to-date antivirus scanner will help keep your trip relaxing.

2. Pick Up Abandoned USB Keys and Use/Share Them


Would you pick up and use a comb someone dropped in the parking lot? Probably not – who knows what sorts of grossness could be lurking on it! But not everyone is so fastidious about their digital hygiene. A shocking number of people in one study picked up a “lost” USB drive in a parking lot. Ewh. Even experts are not immune. And then to share it with your friends? Totally uncouth. USB sticks are considered an infection vector unto themselves, as many Windows-based threats will attempt to run automatically upon inserting the drive. While it may not affect you, it may get your friends.

3. Click on Every Stupid Link on Facebook


OMG, your best friend from the 3rd grade just posted something that offers a free ticket to a tropical, sunny location just for clicking on a link! Who could it possibly harm to try it? Sometimes those scams come with more than you bargain for, and you could in fact be putting your friends’ data up for grabs by clicking that link. Be skeptical of links that seem shocking or potentially scammy. Ask them if they intended to post the link if you really feel inclined to click.

4. Fall for Phishing Scams


It’s tough when phishing emails are getting increasingly sophisticated and adept at making scary claims about what will happen if you don’t click that link. But it’s always a good idea to verify before you trust. Since the aim of phishing is in part to steal your contact data so they can hit your friends too, there’s more on the line than just your own data. If you receive an email from any of your accounts (social, financial, or otherwise) saying that you need to click a link and access your account, you can indeed check your account to be safe, but never do it via a link in email. Go directly to your browser and type in the address for the site.

5. Use a Weak Password on Your Email/Social Networking Accounts


This is much the same idea – your password doesn’t just protect access to your account, but access to your friends’ data as well. Choose unique, strong passwords and change them often, or just use a password manager that will do the heavy lifting for you. (After all, the most secure password is the one you don’t know.)

6. Break into Your Neighbors’ WiFi


It’s tempting, as more and more people get WiFi routers at home, to simply poach your neighbor’s bandwidth and save yourself that few bucks a month. But you really don’t have any idea what their level of protection is. I attempted this once on a sacrificial research machine, for the sake of curiosity and science, and the machine was infected almost immediately. That blew even my jaded, professionally paranoid mind. If you then have friends over that connect into your network, you could be putting them at risk, too.

7. Install Pirated Software on Your Friends’ Computer


Oh, the digital hygiene horror! This is the InfoSec equivalent of having a dinner party to share your “freegan,” dumpster-diving haul. It’s one thing to take your chances with your own intestinal tract or computing device, but it’s another thing entirely to share that with your friends. Warez is a popular way for malware authors to spread their wares, as many people still believe you can get something for nothing without realizing the potential consequences.

8. Be Lazy About Updating Your WordPress Installation


Your friends love your blog about designer dog sweaters, but it’s not yet caught on with the general public. So who needs to get around to updating it with the latest and greatest WordPress version? It’s precisely that problem (okay, maybe not the dog sweater part) that led to the explosion of Flashback. Lots of people with old blogs got compromised, and their friends and fans paid the price.

It only takes a little thought and effort to avoid common ways for spreading malware. The investment is far less than it would take to write sincere, contrite apology emails to your friends and family members who had to deal with the virtual crud they got from you.

Further Reading: 

USB stick photo credit: Count_Count via photopin cc
Facebook scam screenshot via CNET
phishing image photo credit: ivanpw via photopin cc
skull and crossbones photo credit: ☺ Lee J Haywood via photopin cc
steal wifi photo credit: dana~2 via photopin cc