I have an antivirus product so why do I keep getting infected with viruses and malware?

Posted by Michael Trimblett on 23 September 2016

There is no simple answer.  To answer it, we need to understand the motivation for writing malicious programs, the types of viruses and malware, who gets targeted and why, and finally what can be done to keep viruses and malware out of your computers and network.


Evolution of the virus

The answer to this question has changed over the years.  In the early days it was mainly "script kiddies", people just starting out in programming who decided to use their new-found skills to cause a nuisance and gain notoriety.  The real-world parallel is someone spraying graffiti on walls or playing mailbox baseball.  It requires relatively little skill, and infection usually required the user to do something first, such as run a program they had been sent.

As time progressed, the behaviour changed from being a nuisance to keeping itself alive.  In March 1999 email servers were crippled by the Melissa virus, a Microsoft Word macro virus that mailed itself to the first 50 contacts in the victim's Outlook address book.  The ILOVEYOU virus of 2000 operated in a similar way: it arrived as an email attachment and, once opened, mailed itself on to every contact in the address book.

The next step in the evolution of the virus is the worm.  A worm needs no user interaction at all: it exploits holes and bugs in network-facing software to copy itself from machine to machine across networks and the Internet.  In 2001 the Code Red worm was the first to grab headlines, slowing computers and networks as it spread.  An infected computer would try to infect others and, on a set date and time, would flood www.whitehouse.gov with traffic in an attempt to bring it down.  It infected roughly 250,000 computers in 9 hours.  Code Red exploited a buffer overflow in Microsoft's IIS web server on Windows NT 4.0 and Windows 2000, so home PCs were never its target, and a patch had been available for nearly a month before it struck.  You won't notice it these days but, if you watch the traffic arriving on your internet connection, you will still see probes looking for the hole it used.  The Storm worm of 2007 took a different route: it arrived by email as an attachment or link dressed up as a topical news story and, once installed, silently joined the computer to a botnet that sent spam.  Estimates of its size ranged from 1 to 50 million computers, and at one point it was believed to be responsible for 20% of the world's spam.  The purpose of that spam, in turn, was to make money from unsuspecting users.

More recently, viruses have not had the impact they did in the early 2000s.  People are more aware, and preventative technology is routine: Windows updates, firewalls, antivirus products and NAT (Network Address Translation) routers.  With that awareness and those security measures in place, the methods of infection have become much more cunning and demand much more skill of a malware author.  As documented previously on this blog, Cryptolocker is the newest, most active and most lucrative piece of malware we have seen.  Cryptolocker is a form of "ransomware": it encrypts your critical data and offers you a way to pay for the decryption key.  One widely reported calculation put Cryptolocker's take at $30 million in its first 100 days.  Because it has been so successful, many copycats have appeared on the Internet.  So we now face a threat that arrives by the same routes as the old email viruses (an attachment, a link, an already infected machine) but is built specifically to extort money from the end user.

To summarise, viruses have evolved from a simple nuisance into an extortion tool.  Unfortunately these attacks never get less effective; they only get better.  Malware authors are always looking for new ways into your system, and the more applications you use, the larger the attack surface becomes.

Why do people write viruses?

These days the motivation is money.  As described above, viruses have evolved from a nuisance written for notoriety into an extremely profitable and damaging product.  With a windfall of $30 million in 100 days, is it any wonder the virus industry is alive and well?

Types of viruses and malware?

When we talk about malware, there are many types whose purpose varies.  They range from poorly written programs that slow down or crash your computer to professionally written ones that do exactly what their author intended and stay hidden on your system for a long time.  The classification below, which follows the one antivirus vendors use (see the Securelist link under "More technical information"), has two major classes, malicious programs and adware/pornware/riskware, each with several sub-divisions.  With so many types, finding an infection and eliminating it can be difficult, especially if it jumps from computer to computer within a network.  The known malware types are:

Malicious programs

Viruses and Worms: code that copies itself.  A virus attaches to files or documents and needs a user to run or open them; a worm spreads across the network on its own.

Trojan programs: programs that pretend to be something useful or harmless and do something malicious once run, such as stealing passwords, opening a back door or downloading further malware.

Suspicious packers: files compressed or encrypted with packing tools that are used mostly to hide malware from antivirus scanners.

Malicious tools: programs built to create malware or attack other systems, such as virus construction kits, exploit tools and denial-of-service tools.

Adware, Pornware and Riskware

Adware: software that shows advertising, grouped into two kinds:
    Display advertising
    Data collection

Pornware: programs that display pornographic material or dial premium-rate numbers without the user asking for it.

Riskware: legitimate programs (remote-control tools, password-recovery tools, dialers) that do harm when an attacker installs them on a computer without the owner's knowledge.


How do viruses get in my computer?

As technology becomes more complex, so does the software that runs on it.  It is very difficult to write a software product that is both functional and secure.  Most applications are written without a focus on security, and the resulting sloppy programming is what attackers take advantage of.  Security is usually an afterthought because writing an application that is functional AND secure is expensive.  The more applications you run on your PC and network, the greater the attack surface.  The two things an attacker looks at are the attack surface and the attack vectors.

Attack Surface:

The attack surface grows with every application installed on a computer: the more applications, the more chances an attacker has to exploit one of them.  The larger a program's install base, the bigger the target.  Windows XP, for example, remained in use on a large share of the world's PCs for years after its release, which made it a very enticing product to exploit.  Java (a runtime installed on Windows and Mac, and one whose own installer has long claimed 3 billion devices worldwide) is another.  Both Windows and Java see new attacks almost daily.

You may remember a few years ago Apple Mac had the unique selling proposition of "we have zero viruses".  The reason was not superior coding of the operating system but the fact that the Mac had only a few percent of the worldwide PC market, an install base not tempting enough for attackers.  Since then Apple has increased its market share and, as a result, has become a larger target.

Attack Vectors:

An attack vector is a path or means by which an attacker can gain access to a computer or network in order to run a program or install malicious software.  Attack vectors let an attacker exploit system or application vulnerabilities, and they include the human element.
Attack vectors include documents, email attachments, web pages, pop-up windows, instant messages, chat rooms, malformed images, website advertising, scripting, cracked/pirated software, USB or removable drives and deception.  All of these involve programming (or, in a few cases, hardware) except deception.  Recent cases of deception include phone calls from someone claiming to be from Microsoft who fools the user into installing a program that compromises the security of the PC or network: http://apcmag.com/phone-con-no-that-is-not-microsoft-calling.htm
To some extent, firewalls and antivirus software can block attack vectors, but no protection is completely attack-proof.  A defence that is effective today may not remain so for long, because attackers constantly refine their attack vectors and seek new ones in their quest for unauthorised access to computers and servers.


The balancing act between usability and security

The main reason computers are run with lower security is to give the user a better experience.  The last thing most users want is the computer asking "Is it OK to perform this task?" or "Do you really want to access this part of the system?", or demanding an administrator password to continue.  These are inconveniences people do not have time for, and they increase calls to the helpdesk.  The shortcut is to turn off the warnings and give the user elevated privileges on the computer.  The problem is that programs can then run, and change the system, without the user knowing, and that is precisely the environment in which viruses and malware thrive.  So what is better for your business, happy users or locked-down computers?  It seems you can't have both.

How can I protect myself?

The only 100% effective way to avoid viruses is to go back to pen and paper and not use a computer.  In most cases that is not an option.  So what else can be done to minimise your chances of contracting an infection?

Patch updating:

Every month (and often more frequently) Microsoft and other developers such as Oracle (Java) and Adobe release patches for their software.  These are mostly security patches, usually in response to known vulnerabilities that are more than likely already being used by attackers against systems that have not applied them.  Windows XP received monthly security patches for more than twelve years, but Microsoft ended support in April 2014 and computers still running it get no further fixes; a machine that can no longer be patched should be replaced or kept off the network.  Loyal I.T.'s Managed Services offering manages patch updating on all servers and workstations on which it is installed.

Use an antivirus product:

Installing an antivirus product is not a ticket to be reckless on the Internet.  It is simply an extra layer of protection from the bad guys.  Antivirus products decide whether a program is malicious by checking it against a database of known viruses, known as the virus definitions, which the antivirus program downloads at least once per day.  Whenever a program or file is accessed, the antivirus scans it for infection; this is known as on-access scanning or real-time protection.  It is also scheduled to perform a full scan of the computer in case a virus has crept in silently through a different or unknown attack vector.  The antivirus will also block suspicious activity it notices on your system, such as a program trying to access certain files or make changes to the system; this type of detection is called heuristic (or behavioural) detection.  Unfortunately heuristics produce both false positives (legitimate programs flagged as malicious) and false negatives (malware that is missed).  Depending on how a virus is written it can fool antivirus products into not detecting it: signature checks only match what the vendor has already seen, so a freshly repacked variant of an existing family, such as the constantly evolving Cryptolocker, passes until the definitions catch up.  Loyal I.T. recommends Vipre Antivirus to protect your network, workstations and servers.
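The two detection mechanisms described above, and the two ways they fail, can be seen in a few dozen lines.  This is an added illustration, not code from the post or from Vipre or any other vendor: the "virus definitions", the sample files, the toy packer and the entropy threshold are all constructed for the demonstration, and a real product holds millions of signatures and far richer heuristics.

```python
"""How an antivirus decides a file is bad, and the two ways that decision fails.

Added illustration, not code from the original post or from any antivirus
vendor. The 'virus definitions', the sample files and the entropy threshold
are all constructed for the demonstration."""
import base64
import hashlib
import math

# Constructed "malware": a fake executable header (64 bytes) and a body that
# carries a distinctive marker string a vendor could write a signature for.
HEADER = b"MZ" + b"\x00" * 62
MALWARE = HEADER + b"CONSTRUCTED-MALWARE-MARKER " + b"encrypt the files, demand payment. " * 40

# Constructed "virus definitions": an exact-file hash plus a byte pattern.
DEFINITIONS = {
    "hashes": {hashlib.sha256(MALWARE).hexdigest()},
    "patterns": [b"CONSTRUCTED-MALWARE-MARKER"],
}


def signature_scan(data, defs=DEFINITIONS):
    """Signature detection: exact hash first, then known byte patterns."""
    if hashlib.sha256(data).hexdigest() in defs["hashes"]:
        return "hash-match"
    if any(p in data for p in defs["patterns"]):
        return "pattern-match"
    return None


def entropy_bits_per_byte(data):
    """Shannon entropy: text sits around 4-5 bits, encrypted or packed data near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def heuristic_scan(data, threshold=7.0):
    """Heuristic detection: an executable whose body looks random is probably
    packed or encrypted to hide what it really contains."""
    if data[:2] == b"MZ" and entropy_bits_per_byte(data[64:]) > threshold:
        return "packed-executable"
    return None


def scan(data):
    """What a product reports: signatures win, heuristics catch the rest, else clean."""
    return signature_scan(data) or heuristic_scan(data) or "clean"


def keystream(seed, length):
    """Deterministic pseudo-random bytes (SHA-256 in counter mode), the toy packer's key."""
    blocks = (hashlib.sha256(seed + i.to_bytes(4, "big")).digest() for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def pack(data, seed=b"variant-1"):
    """Toy packer: keep the header, XOR the body with a keystream. Every body byte
    changes, so neither the hash nor the pattern signature matches any more."""
    body = bytes(b ^ k for b, k in zip(data[64:], keystream(seed, len(data) - 64)))
    return data[:64] + body


def obfuscate_base64(data):
    """A cheaper evasion: base64 the body. The 64-symbol alphabet keeps entropy
    under 6 bits, so the packing heuristic stays quiet as well."""
    return data[:64] + base64.b64encode(data[64:])


# Constructed legitimate installer whose compressed resources look just as random.
LEGIT_INSTALLER = HEADER + keystream(b"compressed-resources", 2000)

if __name__ == "__main__":
    print("original malware :", scan(MALWARE))                    # hash-match
    print("one byte appended:", scan(MALWARE + b"\x00"))          # pattern-match
    print("repacked variant :", scan(pack(MALWARE)))              # packed-executable, heuristic only
    print("base64 variant   :", scan(obfuscate_base64(MALWARE)))  # clean: a false negative
    print("legit installer  :", scan(LEGIT_INSTALLER))            # packed-executable: a false positive
```

Appending a single byte defeats the whole-file hash but not the byte pattern; repacking the body defeats both signatures and is caught only by the entropy heuristic; a low-entropy encoding (base64 here stands in for the many real obfuscation tricks) slips past both, while a legitimately compressed installer trips the heuristic.  That is the whole story of the title question: definitions lag the attacker, and heuristics trade misses for false alarms.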

Use an antimalware product:

As discussed above, antivirus products detect viruses by signature or activity.  Malware that is not classified as a virus (commonly adware and spyware) may not be detected by antivirus products, because its signature or behaviour is not technically viral (even though the outcome can look the same to an end user).  Malware that is not a virus is generally not openly destructive, but it can invade your privacy by collecting and sending data about you, or leave a door open (an additional attack vector) for a virus to infect your system.  As the line between virus and malware can be muddy, it is recommended to run both an antivirus and an antimalware scanner.  The most common free-for-use antimalware product is Malwarebytes.

Use a security firewall on your Internet connection:

One of the reasons Code Red and the worms that followed it were so successful was that dial-up modems and early routers passed all traffic straight through to the PC.  These days routers come with NAT routing and a basic firewall as standard, which blocks most unsolicited direct connections from the outside world to your PC and slows the propagation of worms.  That basic firewall only looks at where a connection is going, not what it carries, so it is recommended to install a higher quality firewall product on your internet connection.  Loyal I.T. recommends Draytek firewall appliances to protect your network from intrusion.

Disable scripting in your web browser:

A large proportion of the viruses and malware contracted via the Internet could be prevented by disabling scripting in the browser, because drive-by downloads depend on script running on the page.  Unfortunately most websites require scripting to display properly, and viruses take advantage of that same scripting to deploy themselves on your PC or network.  Firefox has an add-on called "NoScript" and Google Chrome has "NotScript".  There is currently no comparable product for Internet Explorer.  These products are free, but they become hard to manage as most websites will break and require you to allow scripting manually for each site to work.  This comes back to usability vs security: you lose usability to gain security.

Add an advertising blocker to your web browser:

Surprisingly, even trusted websites can be a source of malware, by way of scripting inside the advertising they carry.  Many websites sell advertising through web advertising agencies, and those agencies may not properly scrutinise what they serve, so some advertisements contain malicious software (often called "malvertising").  The best way to minimise the risk of these advertisements infecting your computer is NoScript/NotScript or an advertising blocker in your browser.  In Firefox and Chrome the free add-on Adblock Plus blocks most advertising that could compromise your computer.  This raises an ethical question: if a website provides a free service and relies on advertising revenue, is it ethical to block the advertising and consume the content anyway?  That can only be answered by the personal ethics of the end user.

Do not open emails or follow links provided by someone you do not know:

Email is the most common source of "clickbait", followed closely by social media such as Facebook and Twitter.  With URL-shortening services such as Bitly it can be difficult (if not impossible) to know where a shortened link will take you.  If a link is sent by a source you do not know, or it is out of character for the person you know to send it, it will probably lead to a website where you will be infected with malware or a virus.  It is best to ignore or delete these requests as soon as you get them.  It's like taking candy from a stranger: don't do it!

Only visit websites you trust:

You can avoid much of the risk by enforcing a policy of only visiting websites you trust.  Sites such as Google or your bank will be fine; sites such as The Pirate Bay will not.  As mentioned above, high-quality firewall products can enforce site filtering.  Blacklisting blocks known bad websites, usually grouped by category (malware, social networking, advertising and so on); the key word is known, because a website that has not yet been listed is allowed through even if it carries malicious content (a false negative).  Whitelisting is much more reliable: it blocks every website unless it has been specifically allowed.  Whitelisting takes considerably more time to manage, which again comes back to the question: do you want usability or security?
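The difference between the two filtering modes, including the false negative that makes blacklisting weaker, is easy to show with a small filter.  This is an added example, not the post's own code and not a feature of any particular firewall appliance; the two lists and the browsing log are constructed, and the .example domains are reserved placeholders.

```python
"""Blacklist versus whitelist filtering of web requests.

Added example, not code from the original post and not a feature of any
particular appliance. The two lists and the browsing log are constructed."""
from urllib.parse import urlsplit


def host_of(url):
    """Hostname only, lower-cased, without port or trailing dot."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def under(host, domain):
    """True for the domain itself and its subdomains, never for look-alikes:
    www.bank.example is under bank.example; bank.example.evil.example is not."""
    return host == domain or host.endswith("." + domain)


# Constructed blacklist, grouped by category as filtering appliances present it.
BLACKLIST = {
    "malware": {"thepiratebay.example", "free-codecs.example"},
    "social":  {"facebook.example", "twitter.example"},
}
# Constructed whitelist: only the sites the business needs.
WHITELIST = {"google.example", "bank.example", "supplier.example"}


def blacklist_decision(url):
    host = host_of(url)
    for category, domains in BLACKLIST.items():
        if any(under(host, d) for d in domains):
            return "block", category
    return "allow", "not on any list"      # unknown sites sail through


def whitelist_decision(url):
    host = host_of(url)
    if any(under(host, d) for d in WHITELIST):
        return "allow", "whitelisted"
    return "block", "not whitelisted"      # unknown sites are stopped


# Constructed browsing log: the last two entries are bad sites nobody has listed yet.
LOG = [
    "https://www.google.example/search?q=invoices",
    "https://online.bank.example/login",
    "http://thepiratebay.example/torrent/123",
    "http://bank.example.evil.example/login",     # look-alike subdomain trick
    "http://new-malvertising-host.example/ad.js",
]


def compare(urls=LOG):
    """Per URL: (host, blacklist verdict, whitelist verdict)."""
    return [(host_of(u), blacklist_decision(u)[0], whitelist_decision(u)[0]) for u in urls]


if __name__ == "__main__":
    for host, black, white in compare():
        print(f"{host:40} blacklist={black:5} whitelist={white}")
```

The suffix check in `under` matters in both modes: a plain "ends with bank.example" test would wave through `bank.example.evil.example`, which is exactly the kind of address a phishing link uses.  The last two log entries are the false negatives the paragraph describes: the blacklist allows them because nobody has listed them yet, while the whitelist blocks them without needing to know anything about them.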

Do not allow administrative access to the PC being used:

To give users a smooth experience, they are often allowed to change configuration settings on their computer.  To do that you need what's called local administrator rights, or elevated privileges, which let the user change settings, reach every part of the system and install programs.  It is the ability to install programs that causes the most trouble when it comes to malware infection: programs (viruses and malware included) picked up by surfing the web or following a malicious link often require elevated privileges to install themselves or dig into the operating system.  If users do not hold these privileges the attack surface shrinks, as some attack vectors become useless to the attacker.  It is not a complete defence, though: a program running as an ordinary user can still read and encrypt that user's own documents, which is all ransomware needs.  Taking away administrator rights also leads to a more restricted user experience and may result in more support calls for daily tasks.

Enable User Account Control on Windows Vista and above:

User Account Control is the pop-up you see after you try to install a program or open a part of the computer that requires elevated privileges.  It warns that something that will affect the whole system is about to happen.  If the prompt appears and you have not started a program, or do not know what could have caused it, press Cancel to deny the privileges.  This is the final safeguard before a program gains control of the system: if you permit an unknown program to run with elevated privileges, your computer can be compromised by a virus or malware.  UAC only works as a safeguard if it is left switched on and if users are not in the habit of clicking through every prompt.

Now that you understand how viruses make their way on to your computer and the methods of virus prevention, please don't hesitate to contact us to help you develop a security strategy for your business.

More technical information


Attack vectors http://searchsecurity.techtarget.com/definition/attack-vector

Types of viruses https://www.securelist.com/en/threats/detect?chapter=125

How antivirus products detect viruses http://www.howtogeek.com/125650/htg-explains-how-antivirus-software-works/

Why do people write viruses http://www.techrepublic.com/blog/it-security/why-do-people-write-viruses/

Virus evolution http://computer.howstuffworks.com/virus3.htm

Posted in: Windows Security Networking Security  

Introducing Enos Gagau

Posted by Michael Trimblett on 19 September 2016

With our technician Adam Moss leaving for a dream 7-week vacation to the United States, we have some pretty large shoes to fill.  Enter Mr. Enos Gagau.  Enos will be helping Peter on the helpdesk while Adam is overseas.
Enos has recently completed his Diploma of Telecommunications Network Engineering after graduating high school in Papua New Guinea.
Please join with us in welcoming Enos to our team.


Posted in: Team News Misc  

The Gang Sleeps Out For Coast Shelter

Posted by Michael Trimblett on 31 August 2016

It was a dark and stormy night...  Well, it was dark and there was rain, but it was hardly a dreary evening.  With live music, a reptile show and catering by Julie's Place, the volunteer homeless-for-the-night couldn't have had it better.

Loyal I.T.'s contingent of sleepers included Naomi, Raewyn, Peter, Brendan L, Brendan C (ex-employee), Michael T, Michael G and Julie Goodwin.  The night consisted of sitting around the park bench playing cards, some of us found warmth in a warm cup of soup or in the bottle of Jim Beam.  Others warmed themselves by the glow of their mobile phones as they played Pokemon Go.

After the reptile show had been and gone, we had the opportunity to have a group photo with a Harley Davidson and a big snake.  Can you tell from this photo which two of the group did not want anything to do with the snake?

Once the festivities were over we were left to our own devices.  Some took a self-guided tour of the reptile and snake exhibition.

Others retreated back to the park bench for more card games until the early hours of Saturday morning.  When we decided to call it a night, the hard part began: finding a semi-comfortable patch of dirt to sleep on.  This was as cushy as it got.  It didn't help when at about 4am the sky opened up and those without coverings were awoken.

Brendan made some new friends when packing up in the morning.

Thank you to everyone who supported the Zoo and Snooze this year.  The grand total contributed by Loyal I.T.'s group alone was over $9600!

We all look forward to doing it all again next year.







Posted in: Misc Coast Shelter Zoo & Snooze Fundraiser  

The Gang Gives Blood

Posted by Michael Trimblett on 28 July 2016

Hot on the heels of Naomi's effort in giving blood back in April, Naomi has inspired both Michaels to accompany her in giving blood in July.

Not ones to say no to a challenge, especially when it helps the community, the Michaels nonetheless approached it with some trepidation due to the size of the needles involved.  With Naomi taking the lead, both Michaels manned up enough to shake off their enetophobia, roll up a sleeve and squeeze out some life-giving elixir for the betterment of other people.  Yes, I might be overstating it a little but, for anyone who has given blood for the first time, these are the thoughts that go racing through your mind.  Sitting in the chair, rolling up the sleeve, grasping the squeezy toy designed to improve blood flow and mumbling the mantra of "this won't hurt", "it's for a good cause" and "we're saving lives", when suddenly the blood-gathering machine starts beeping... and it's over.  Was that all?  Did the needle go in?  I don't even feel light-headed!  Leaving the chair and walking in slow motion like the end of an action movie, I spy the recovery area with any number of complimentary sugary treats.  Big cookies, milkshakes, juices and lollies amongst other delicious snacks.  We all gathered in the recovery room, where we recuperated, satisfied in the knowledge that we had just saved 9 lives.


In October, we will roll up the sleeve and give blood again, hopefully with more Loyal I.T. volunteers in tow.  Follow Loyal I.T.'s progress here.



Posted in: Misc  

How to tell a fake email from real

Posted by Michael Trimblett on 1 July 2016

With Cryptolocker and its clones still infecting businesses, the best way to thwart hackers and scammers is to be aware and alert.  Email used to be a relative safe haven, but with the advent of ransomware it has turned into a hostile environment.  So how do you tell a legitimate email from a fake?  Here are 4 tips to help you avoid getting infected:

1. Always be suspicious of unsolicited email.

The internet is a hostile place and scammers look to take advantage of people's trusting nature.  Expecting your antivirus and/or antispam product to remove all malicious email is a fool's paradise.  Your antispam or antivirus product is probably removing most infected email, so the fact that something made it through lulls you into a false sense of security.  Always have your shields up and trust no one.


2. Check that email address is from a legitimate source.

For example, a recent AGL bill email I received showed what appeared to be the AGL Energy billing department as the sender.  You would expect AGL to use the domain agl.com.au or something similar, but if you look at the email address the bill actually came from, it was an Italian company, not AGL!

[Image: the sender address shown on the fake AGL bill]


3. If you are invited to click on a link within the email, make sure it is from a legitimate source.

If you hover your mouse over the link you will see the address it will take you to.  If it is an unexpected address, do not click on the link.  In the case shown below, I would expect the link to go to agl.com.au; instead it will send me to alterfiction.com.  What is alterfiction.com?  Probably a crypto ransomware.  Hackers can be very crafty when it comes to disguising links within email, often changing a single letter in the domain name.  For example, amazon.com could become amezon.com and you may not even notice the difference until it's too late.  The rule of thumb is NEVER click a link or open an attachment in an unsolicited email.  And I mean NEVER!!  If you have a bill due for payment and you received this information via an email, do not click the link or open the attachment.  Instead, visit the website manually to check the status of your bill/account.  Going to the website and checking manually is a pain, but it is far less painful than having to recover from a crypto ransomware attack.

[Image: the link in the fake AGL bill, with the real destination shown on mouse-over]

4. If in doubt, chuck it out.  Press the delete key and avoid being hacked!
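The checks in tips 2 and 3, together with the warning about shortened links in the earlier post's "Do not open emails or follow links provided by someone you do not know", can be automated for a whole inbox.  This is an added example, not code from the post or from any mail product: the brand table, the shortener list, the risky-extension list and both messages are constructed, and the .example domains are reserved placeholders rather than real sites.

```python
"""Automating the email checks: sender domain against the brand it claims,
link text against the real destination, look-alike domains, shortened URLs
and risky attachments. Added example, not from the original post; all
data below is constructed."""
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Brands the reader deals with, and the domains those brands really use (constructed).
EXPECTED_DOMAINS = {"AGL": {"agl.example"}, "Amazon": {"amazon.example"}}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}  # starter list: the destination is hidden
RISKY_EXTENSIONS = (".zip", ".exe", ".js", ".scr", ".vbs", ".docm")

def host_of(url):
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def belongs_to(host, domain):
    """www.agl.example belongs to agl.example; notagl.example does not."""
    return host == domain or host.endswith("." + domain)

def edit_distance(a, b):
    """Levenshtein distance: catches amezon.example posing as amazon.example."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def brands_mentioned(text):
    """Brand names or brand domains appearing in a sender name or link text."""
    text = text.lower()
    return [b for b, ds in EXPECTED_DOMAINS.items() if b.lower() in text or any(d in text for d in ds)]

def check_host(host, context, findings):
    """Shared check for the sender's domain and for every link's destination."""
    if host in SHORTENERS:
        findings.append(f"{context}: shortened URL via {host} hides the real destination")
        return
    for brand in brands_mentioned(context):
        if any(belongs_to(host, d) for d in EXPECTED_DOMAINS[brand]):
            continue
        near = [d for d in EXPECTED_DOMAINS[brand] if 0 < edit_distance(host, d) <= 2]
        if near:
            findings.append(f"{context}: {host} is a look-alike of {near[0]}")
        else:
            findings.append(f"{context}: claims to be {brand} but the domain is {host}")

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a>: what the reader sees versus
    where the mouse-over really points."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def analyse(raw):
    """Warnings for one raw message: sender, then links, then attachments."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    name, addr = parseaddr(str(msg["From"]))
    check_host(addr.rpartition("@")[2].lower(), f'sender "{name}"', findings)
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        links = LinkCollector()
        links.feed(body.get_content())
        for href, text in links.links:
            check_host(host_of(href), f'link "{text}"', findings)
    for part in msg.iter_attachments():
        filename = (part.get_filename() or "").lower()
        if filename.endswith(RISKY_EXTENSIONS):
            findings.append(f"attachment {filename}: file type commonly used to deliver malware")
    return findings

# Constructed phishing message in the style of the fake bill described above.
PHISH = b"""From: "AGL Energy Billing" <billing@rossi-srl.example>
Subject: Your AGL bill is ready
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Your bill is due.</p>
<a href="http://pay-now.example/agl">https://www.agl.example/myaccount</a><br>
<a href="http://amezon.example/gift">Claim your Amazon gift card</a><br>
<a href="https://bit.ly/constructed">View bill</a></body></html>
--b1
Content-Type: application/zip; name="AGL_Bill_4471.zip"
Content-Disposition: attachment; filename="AGL_Bill_4471.zip"
Content-Transfer-Encoding: base64

UEsDBAo=
--b1--
"""

# Constructed legitimate message for comparison: should produce no warnings.
LEGIT = b"""From: "AGL Energy" <noreply@agl.example>
Subject: Your AGL bill is ready
Content-Type: text/html; charset="utf-8"

<html><body><a href="https://www.agl.example/myaccount">View your bill</a></body></html>
"""

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("legit", LEGIT)):
        print(label, analyse(raw) or ["no warnings"])
```

The phishing sample triggers all five checks: the sender name says AGL but the address does not, the first link's visible text is an AGL address while its href goes elsewhere, the second link lands one letter away from the real Amazon domain, the third hides behind a shortener, and the attachment is a zip of the kind that carried Cryptolocker.  The legitimate sample passes clean.  The brand matching is a plain substring test, so a short brand name inside another word would be a false positive in real mail; the table of expected domains is the part that needs care.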

We hope these simple tips help you manage your email better and allow you to make the correct decision when deciding whether to click on a link in an email.

Posted in: Security  
