Real life: My battle with spyware

25.08.2006
This is not your typical article on spyware. Instead, it's a modern-day parable of my own recent experience with a crippling spyware infestation, with some important lessons for systems administrators to learn as a result of my somewhat embarrassing mistakes.

How it happened

First of all, let me provide a little bit of background information. I have been a network administrator and IT consultant for several years, and I have experience in a variety of areas, from help desk to server administration to security. As I'm sure is the case for many of you, I am the guy that my family, friends and neighbors call when something goes wrong with their computers. As such, I am no stranger to systems that have been infected with viruses, spyware and the like.

In my spare time, in addition to more "socially acceptable" hobbies such as reading and hiking, I am a pretty avid computer gamer. I have been playing computer games in one form or another since the early days of my childhood, and I guess I just never grew out of it.

Since I am on the road a fair bit for my consulting practice, I like to play an occasional game on my laptop, whether on a plane or in a hotel room. As many of you are no doubt aware, most modern games require the game disc to be in the drive in order to play the game. Often, the game doesn't require access to any resources on the disc; this is simply implemented as a copy protection measure.

Because of the battery drain caused by spinning the CD/DVD drive, and because lugging around a stack of game discs in my briefcase is not very appealing for several reasons, I often go out on the Web and download "cracks" for my games to bypass the CD checks. I should note right now that every game I play is legally purchased and owned by me, and is installed only on my computer. I only bypass the CD to save battery life and to avoid having to take my discs everywhere.

So I had just installed a new game on my laptop, and I went out on the Internet to find a no-CD patch for the game. Unfortunately, this proved more difficult than usual, as the game had just recently been released, and a no-CD file wasn't widely available. I found the patch only on seedier Web sites, frequented by software pirates.

Ordinarily, I would have skipped the files from these sites and waited until some more-trusted Web sites had the file, but I was scheduled to leave on a business trip the next day and I really wanted to get this game up and running without the disc.

Against my better judgment, I downloaded the file to my local machine and ran the patch. Unfortunately, the patch was actually a Trojan, and it proceeded to download a bunch of particularly nasty spyware onto my machine without my knowledge. As soon as I realized what was happening, I powered down the machine -- literally pulling the plug -- but it was too late. The infection had already spread into core components of the operating system.

I spent the next two days trying my best to get all the spyware gunk cleaned out of my machine. Even when it seemed that the infection was gone, I was still plagued by system instability, and for some reason, my "blue screen of death" was actually green.

Finally, I gave up in frustration and resigned myself to a complete reinstall of Windows. I booted my machine into Safe Mode, copied my important data off to a spare hard drive, formatted my C drive and ran Windows Setup.

The upside of all this is that at the end of the process, my machine is faster and more stable, free of all the clutter that Windows had collected over the couple of years since my last reinstall. The massive downside is that I spent two full working days trying to clean off the spyware, plus another day and a half getting all my software reinstalled and my backup data migrated over.

But through all of this, I was reminded of several basic but important lessons that we should all keep in mind, no matter how experienced and knowledgeable we think we are.

Nobody is immune.

I think deep down, we all know this one, but the more experienced we get in this field, the more we think that spyware infections only happen to other, less knowledgeable people. The reality is that if we are not careful, if we get lulled into letting our guard down by overconfidence, our machines can be compromised just as easily as anybody else's.

Download and run files only from trusted sources.

This one is every bit as obvious as the last one and has been drilled into us to the point that it should be impossible to forget. However, many times we are in a hurry, or our minds are on other things and we don't stop to consider the ramifications of running untrusted software. In my case, despite giving this same advice to countless friends, family members and colleagues, I was in a hurry and foolishly failed to heed my own advice, to rather embarrassing results.

Back up your system regularly.

Do yourself a favor. Go out and buy yourself an external hard drive from someone like Maxtor or Western Digital and dedicate it exclusively as a backup device. Then set up a backup application, such as Windows' Backup utility or the software included with these drives, and configure your system for regular backups.

For home computers, I would recommend a scheme such as a full backup once a week, with nightly differential backups in between. This will enable you to restore to the previous night's backup in a worst-case scenario, ensuring you never lose more than one day of work. And put a reminder on your to-do list to check your backup regularly to make sure that everything is in working order. After all, the worst time to find out your backup hasn't been working for the last month and a half is when you need to restore last night's data.
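The scheme above (one weekly full backup, nightly differential backups, and a regular check that the backups are intact) can be made concrete in a few dozen lines. The following is an added example written for this page, not code from the article or from any backup product; it assumes a layout of its own invention in which each backup set lives under `<backup_root>/<label>/` with a `data/` tree of copied files and a `manifest.json` of their hashes. It shows the property that makes differentials attractive for a worst-case restore: every nightly set is computed against the last full backup rather than the previous night, so a restore needs only the full set plus the newest differential, and the verify pass re-hashes stored copies so a silently broken backup is noticed before the day it is needed.

```python
# Added example: weekly full + nightly differential backup with a verify step.
# Assumed layout (not from the article): <backup_root>/<label>/data holds the
# copied files, <backup_root>/<label>/manifest.json records their sha256 hashes.
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash file contents; used both to detect changes and to verify copies."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict:
    """Map relative path -> sha256 for every regular file under root."""
    return {str(p.relative_to(root)).replace("\\", "/"): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def _write_set(root, backup_root, label, files, deleted=(), base=None) -> dict:
    """Copy the listed files into the set and write its manifest."""
    dest = backup_root / label
    for rel in files:
        target = dest / "data" / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(root / rel, target)
    manifest = {"base": base, "files": files, "deleted": sorted(deleted)}
    dest.mkdir(parents=True, exist_ok=True)
    (dest / "manifest.json").write_text(json.dumps(manifest, indent=1))
    return manifest


def full_backup(root: Path, backup_root: Path, label: str) -> dict:
    """Weekly job: copy everything and record its hashes."""
    return _write_set(root, backup_root, label, snapshot(root))


def differential_backup(root, backup_root, full_label, label) -> dict:
    """Nightly job: copy only what differs from the last FULL set (not from
    last night), so a restore needs just the full set plus this one."""
    base = json.loads((backup_root / full_label / "manifest.json").read_text())["files"]
    now = snapshot(root)
    changed = {rel: h for rel, h in now.items() if base.get(rel) != h}
    deleted = [rel for rel in base if rel not in now]
    return _write_set(root, backup_root, label, changed, deleted, base=full_label)


def verify(backup_root: Path, label: str) -> list:
    """Re-hash stored copies against the manifest and return the bad entries.
    Run it on a schedule: an empty list means the set is intact."""
    dest = backup_root / label
    manifest = json.loads((dest / "manifest.json").read_text())
    return [rel for rel, h in manifest["files"].items()
            if not (dest / "data" / rel).is_file() or sha256_of(dest / "data" / rel) != h]


def restore(backup_root: Path, diff_label: str, target: Path) -> dict:
    """Worst case: rebuild target from the full set, overlay the newest
    differential, then apply its deletions. Returns the restored snapshot."""
    diff = json.loads((backup_root / diff_label / "manifest.json").read_text())
    for label in (diff["base"], diff_label):
        m = json.loads((backup_root / label / "manifest.json").read_text())
        for rel in m["files"]:
            dst = target / rel
            dst.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(backup_root / label / "data" / rel, dst)
    for rel in diff["deleted"]:
        (target / rel).unlink(missing_ok=True)
    return snapshot(target)


def demo() -> bool:
    """Constructed sample data: one file edited, one deleted, one added after
    the weekly full; then restore, verify, and detect a corrupted stored copy."""
    work = Path(tempfile.mkdtemp())
    src, backups, restored = work / "docs", work / "external_drive", work / "restored"
    (src / "notes").mkdir(parents=True)
    (src / "report.txt").write_text("draft 1")
    (src / "notes" / "todo.txt").write_text("check backups")
    (src / "old.txt").write_text("obsolete")
    full_backup(src, backups, "full-week1")
    (src / "report.txt").write_text("draft 2")          # changed since full
    (src / "old.txt").unlink()                          # deleted since full
    (src / "notes" / "new.txt").write_text("added")     # new since full
    diff = differential_backup(src, backups, "full-week1", "diff-night3")
    ok = set(diff["files"]) == {"report.txt", "notes/new.txt"} and diff["deleted"] == ["old.txt"]
    ok = ok and verify(backups, "full-week1") == [] and verify(backups, "diff-night3") == []
    ok = ok and restore(backups, "diff-night3", restored) == snapshot(src)
    # Simulate silent corruption of one stored copy; the verify pass must flag it.
    (backups / "full-week1" / "data" / "notes" / "todo.txt").write_text("bit rot")
    ok = ok and verify(backups, "full-week1") == ["notes/todo.txt"]
    shutil.rmtree(work)
    return ok


if __name__ == "__main__":
    print("backup/restore round-trip ok" if demo() else "MISMATCH")
```

Running the file builds a throwaway source tree, takes the weekly full, applies a night of edits, takes the differential, restores from full + differential into a fresh directory and compares it hash-for-hash with the live tree, then damages one stored copy to show that the scheduled verify pass reports it. With a real external drive, the same two jobs would be scheduled weekly and nightly, and the verify call is the "check your backup regularly" reminder turned into something the machine does for you.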

Make sure your antivirus and antispyware software are up to date and configured to scan files as they are accessed (active scanning).

This is the one that ultimately would have saved me despite all of my previous foolishness. I did have very capable antivirus software installed with all of the latest definition files.

Unfortunately, I had disabled the active scanning feature to troubleshoot a suspected software conflict a few days earlier and had forgotten to turn it back on. Thus, aside from scheduled scans, I was running completely unprotected from whatever malware made it onto my system. If only I had remembered to turn the active scanning back on, my AV software would have picked up the Trojan the minute I downloaded it from the Internet. The file would have been quarantined, and I would have never been given the chance to infect myself.

Conclusion:

There is plenty more you can do to protect yourself from malware, but by taking care of these four things, you will do a great deal to minimize your exposure. However, no matter how much technology you deploy to protect yourself, always remember that it is usually the human element that is responsible for security breaches. Thus, no matter how much experience you have, remember never to let your guard down, lest you end up with a story like mine.