# How Malware Spreads ### 3. How Malware Spreads Malware basically spreads via a large number of mechanism such as: * Email attachments We can change the extension from `.exe` into `.jpg` so that user will be tricked believing that it is an image * Already infected files If you have been infected by a virus for a day, you need to think about what it might have already done during the 1-day time-frame. If the virus was the re-infection kind, then it must have infected numerous of other files, which open access/execution will activate the virus again. Once you are infected by a virus, it is then very hard to remove the infection from the system. * Peer-2-peer file sharing Nowadays, around 30%-40% of all available files in file-sharing networks can be assumed to be infected with malware. Some of the clients are ad-supported or are pre-bundled with malware. They also may contain hidden backdoors (intentionally or unintentionally). * Web-sites These kinds of attacks are also called drive-by-downloads. A website Y will exploit your browser in a way and then download the remaining part/body of the malware. Drive-by-downloads are triggered upon visiting a HTML page. * Internet connection/Local network For example, there are some kind of glitches in Windows networking stack (Linux also has its own set of bugs) which are found time and time, and then rapidly exploited by malware to spread directly. Some of the known examples are RPC-DCOM vulnerability in Windows 2000/XP which was exploited on a very large scale all over the world. This kind of vulnerability do not require any user action. However, these kind of attacks can be stopped by using correctly configured firewalls or simply applying patches. Remember that we have written **Correctly configure firewalls** because a badly configured firewall does not offer any protection at all. However, do note that firewalls themselves have their own set of bugs, so they themselves can be vulnerable, so the best way to be protected is to update your software as soon as possible. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://zer0verflow.gitbook.io/ecpptv2-notes/system-security/malware/how-malware-spreads.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.