Shellfish Systems and Security

Share this post

Shellfish Systems and Security
Shellfish Systems and Security
How Hard Is it to Get a Virus?
Copy link
Facebook
Email
Notes
More

How Hard Is it to Get a Virus?

Turns out it's harder than you think

BowTiedCrawfish
Feb 05, 2023
2

Share this post

Shellfish Systems and Security
Shellfish Systems and Security
How Hard Is it to Get a Virus?
Copy link
Facebook
Email
Notes
More
Share

Let’s be honest. If you owned a computer during your early teenage years, you probably downloaded some sketchy stuff to get free Steam credit, RuneScape gold, Robux, etc. You would download this weird file and do a bunch of surveys, but then when you get to the end of all of the surveys, there would be some weird error, and you wouldn’t get your free dosh. Awe man :(. Turns out what you downloaded was a Trojan that probably spied on you, threw a bunch of advertisements (adware) at you, and made you download even more garbage. I did this several times, even on the family computer. Off the top of my head, I have gotten 4 different computers infected with a virus by accident. The other times were, well, ya’know.

What’s New, Scooby Doo?

Fast forward to 2023, and you’re reading this article. Well, clearly, you aren’t a silly, naïve kid anymore. You know a thing or two about viruses and how to avoid them. You don’t click on fishy links, nor do you care about Bob the IT guy who keeps calling you from a toll-free number. You know how to avoid viruses, scams, and the like, and we’ll say you’re in the above average group of computer knowledge. Even someone in the average group knows how to avoid scams.

Shellfish Security is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.

What else is in 2023? Well, Microsoft Defender has gotten quite an upgrade since 2010. The odds of you downloading a virus just plain off of a website is extremely low. And if you did, Google Chrome scans the file, and if it’s good enough to pass then you download it to where Microsoft Defender scans the file. Then it scans it again when you run it. Don’t forget about your firewall! There’s a lot of hoops an executable has to jump through to even make it inside to your computer.

There’s an entire workforce dedicated to finding exploits out in the wild and working on solutions to prevent them from ever happening again. It’s still a game of cat-and-mouse, but that forces malware developers to develop a more targeted approach.

Gone are the days of making a website with a shady executable fit with some fancy JavaScript that mimics a review page of satisfied customers… or so I thought. They still exist, so make sure you watch your kids closely. Regardless, the point is that the odds of you, Joe Schmo, downloading a virus by complete accident is literally 0. Google has SEO’d those trashy, sketchy websites out of existence. You have to really be looking for something to find and download a virus. I’ll get to how that happens in a bit.

Mass vs. Targeted

When I say “targeted approach”, I mean that malware authors/APTs/hacktivists/script kiddies are more focused on getting “one big bag” rather than “many small bags”.

The only mass viruses that exist nowadays are adware scams. These are your Amazon packages, uncanceled Netflix subscriptions, weird porn, etc., that redirect you to a website with advertisements on it.

Let’s say, for example, Scott gets $0.001 for every view of his website via ad revenue. He sends a mass text scam to 100,000 people about their Amazon package with a link that forwards them to his website. If 1,000 people click on the link he attaches, he just got $1. Good job, Scott. A 1% turnover rate gets you a pack of gum. This adds up, though. That’s why these are so frequent.

On the other hand are the “targeted” attacks like ransomware attacks on companies, blockchain code exploitation, etc. These are the “big bag” and involve the creation of a completely unique virus that is used once to exploit a single system. Think about it. It wouldn’t make sense to go through all of the effort to find and exploit a zero-day only for you to attack the personal laptop of Mary the accountant who makes $50,000/year. Sounds silly. So, these attacks target small and/or weakly protected businesses that are likely to pay a ransom (especially ICS).

The point I’m trying to make here is that you, a single person, are not a target. Your personal laptop probably isn’t connected to any mainframes or private company networks. If it is, get a separate laptop for work and personal use. I would not advise mixing the two, especially if you’re overemployed. If you work for a big company, you can be the target of a phishing attempt, but you should know how to avoid that.

It Takes… A Village?

Back to the original topic.

Let’s say you actually click a link.

Nothing happens.

Nothing will happen if you click a link. Nothing barring you go to a website of course. A website can’t hurt you. What is on the website, however, can be dangerous. The website could have porn or gore or illegal material on it (eugh), but that won’t give you a virus (except maybe a mental illness after seeing some of the awful stuff out there).

What happens after you click that link is what can give you a virus. Hopefully you’ll go “oh this isn’t what I was looking for” and leave before that happens. Don’t forget that they’ll clickjack you too!

Links are just links.

Remember what I said about “really looking for something”? Well, if you’re a bit internet savvy, you may have heard about torrenting. Torrenting allows you do download pretty much anything from anywhere. It is peer-to-peer downloading, kind of like bitcoin. Because they are hosted in a peer-to-peer, decentralized manner, it is difficult to remove the content, even if it’s illegal. Torrent host sites (ThePirateBay, 1337x, etc.) have a massive list of torrentable material such as movies, TV shows, porn, and cracked software/video games.

Let’s focus on the cracked software. Cracked software usually relies on malware techniques to “crack” it and make it available for everyone to use. You can’t just download Call of Duty on your Steam account, and then copy it to a flash drive and try to run it on your friend’s computer. There are serverside checks that prevent that, but those can be bypassed and exploited. In doing so, this may trip up your AV (usually under a Trojan flag), so if you are downloading a free copy of Elden Ring, you might turn off your AV to install it.

This is one of the only ways you can “accidentally” get a virus. And you’re really asking for it.

Also, before you ask, yes. I have been smashed while trying to torrent before. It was Call of Duty: Black Ops 3 if you were curious.

And you’ll probably ask:

Do you condone torrenting?

And to answer that: I think I’m supposed to say no, but if you really, really want something, you have the ability to get it if it exists. And if you get smashed, it’s all your fault. Not mine.

“can u sumup”

TL;DR. In my humble opinion, it is really hard to get a virus. You have to be horrifically unlucky, an idiot, or really desperate to get one.

Go!

-BowTiedCrawfish.

Shellfish Security is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.

2

Share this post

Shellfish Systems and Security
Shellfish Systems and Security
How Hard Is it to Get a Virus?
Copy link
Facebook
Email
Notes
More
Share

Discussion about this post

No posts

Ready for more?

© 2025 BowTiedCrawfish
Privacy ∙ Terms ∙ Collection notice
Start WritingGet the app
Substack is the home for great culture

Share

Copy link
Facebook
Email
Notes
More