Some time around 2010 or so I found a FREE DOWNLOAD for some software I wanted on Youtube. Normally I wouldn’t fall for such a thing, but the video had a huge amount of likes and a basically no dislikes so I thought it was legit (I wasn’t well-acquainted with the concept of view bots). Ended up with some nasty malware, had to reinstall. Don’t run executables off youtube, kids.
Also there was a point before that I got ultra-paranoid about my computer having a virus, and I would Google processes in task manager and got super scared and installed some fake rogue antivirus from a ‘company’ called Uniblue. A lot of their ‘marketing’ was pretending they were part of Microsoft, and I thought it was super legit. It wasn’t. Turns out being paranoid about computer security when you are completely computer illiterate is a perfect way to get malware.
I regularly infect other peoples Laptops, and my own VMs as well, with a very common Spyware/Adware/Trojan. It comes in two different versions, the newer one being much more aggressive than the older one. It’s a ‘premium’ product costing up to $250 officially. The only way to really get rid of it is a full disk clean, otherwise it hides itself into separate, hidden partitions. It IS very annoying to install, considering it’s very slow, buggy and needs a terminal to circumvent the online account (even more tracking, technically, but I don’t want to create an account myself). And it even crashes all the time, takes ages to update and is a magnet for other viruses. I myself of course don’t have it, i use Linux after all. But most people seem to like Windows, for some reason, so I have to install it for them.
Well, why what? Why do I have to install it? Because there are A LOT of old people in my village, who only ever used windows, and when I repair their stuff or get them new stuff I often have to (re)install windows. And windows is the virus I’m talking about, because IMHO, it literally IS Spyware, Adware and a Trojan. Literally every criteria is met for those kinds of viruses. MacOS is just a lighter Spyware and potentially a Trojan, but can be expanded to be all three (especially a RAT Trojan) very easily. Linux, on the other hand, has only very few, single instances of separate Distros having ads (Canonical/Ubuntu) or Spyware via Telemetry (Also Ubuntu), but not only can Telemetry be disabled, one could also use another distro. Like Arch btw.
WinXP has had a long time on the shelf, it’s EOL so it’s not getting updated, and it’s still occasionally in use by businesses - when true, usually on critical infrastructure pieces that they can’t afford to take down to swap to a newer machine. People know this and so XP is a malware magnet. There are about a gorillion scripts loose in the wild that just find IP addresses at random - or not random - and hammer them with a bouquet of exploits, almost all of which will be easily fended off by a modern updated system, but several of which XP is probably vulnerable to.
So, the second you have a functioning network driver and complete your handshake with the internet, chances are good that somebody will be trying to sneak a script up your ass to corrupt the system. I’ve never seen it happen during install but if you’re exceptionally unlucky I could see how it could be possible.
XP didn’t have built-in virus protection, you had to install anti-virus once you got to the XP desktop. But, as I found out, during setup XP was talking to the Internet and vulnerable to infection.
Personal: Booted up a friend’s infected disk on my Amiga, which then infected the HD. Mass panic for ten minutes or so as I ran Virus Checker or VirusZ on it.
Work: In 2003-ish we had an infection of… I can’t even remember the name of it, but we had to manually go round and run a program on everybody’s computer to get rid of it.
Since then I’ve seen a few people get their files encrypted by Ransomware, but no major infections.
Had a fun experience in the back then times that my father’s computer became infected with one of those nineties style “funny guy” viruses. You know the ones, the ones that seem less interested in stealing money and doing damage and more interested in just fucking with you.
Of note:
if you tried to open Mozilla Firefox it’d autokill it and pop a message saying "use IE or else"
if you tried loading up Orkut (look, we were Brazilians in the early aughts. We all used Orkut) it’d kill your browser saying orkut was banned from that PC
it’d occasionally pop up messages with rude text seemingly at random
I think lot of people don’t realize that you can get malware just from browser vulnerabilities, and not just from downloading and running malicious files. Adblocking isn’t just an issue of annoyance, it’s an important security tool.
The one where they installed a remote access script on a workstation, waited for 6 months before spending all of 5 minutes bypassing a few layers of security products, gaining domain admin, and then exfiltrating 3 docs relating to a Russian dude’s trial from like 6 years prior.
Why the hell would one do that for THREE documents? I’d be exfiltrating everything out of there if I were them, if not for that Russian guy’s trial, at least for my curiosity and reading pleasure!
Worst experience. Fairly new at a dotcom and moving from the satellite office to the big-time (same building as these loosers who were trying to do DVDs by mail, LOL ;-) and getting the shown around and introduced to various department heads.
Met the VP of IT and Sr. Systems admin, joked that it looked like they lived there… found out they had been battling a nasty virus all weekend that had infected most of our desktops and was evading our standard AV package, it was taking several runs of a special cleaner or just a wipe/reinstall.
Got introduced to lots of other folks, learned many more things, almost entirely forgot about the virus. A few hours later I’m waiting for my boss to finish a “quick” meeting I wasn’t invited to and getting bored. But I want to seem like a responsible employee (and I was caught up with /. from earlier in the day) so I decided to log in and check my email.
And the inbox boings start. Don’t even have a functioning desktop yet and I can literally hear the virus spreading across the office. I’d manage to pick an old desktop in the IT area that hadn’t been cleaned yet. Fortunately a lot of computers were still off from the cleanup effort, so my fuckup was limited to a 6-7 systems, but that was still hours of additional work for the small IT team after they had already given up their weekend.
It’s definitely not the worst virus I’ve ever had to deal with with. But it was definitely the most visible/shameful virus related fuckup I’ve ever been responsible for.
I don’t know if this applies directly, but in my early days of hosting a server for fun, I installed a telnet server because my phone didn’t have SSH at the time. I forgot to close it when i was done and someone got in and installed a password sniffer. This was a Slackware box, IIRC. My only indication that there was a problem was that the “.” & “…” directories didn’t appear from an “ls -Alf”. I pulled the network cable and booted to a boot image and discovered that many key system utilities were replaced with imposters that would mask that there was an intruder. The '“ps”, “ls” and other utils were symlinked to the “…” dir in /usr/local/lib.
I didn’t trust anything on that server and nuked it. Now, anything that’s internet facing is built from ansible and the config is stored in a repo and the repo is backed up on a drive that’s physically disconnected except when backing up. I’ve messed up the initrd from time to time and it’s usuall easier for me to reimage than try to fix it.
I’ve never been able to confirm if it’s true or not but around 2014/2015, I had a malicious Firefox extension that apparently originated from Google Chrome. What it did was basically put ads on all webpages, including blank pages and it was really hard to remove because it would just keep reinstalling itself until I uninstalled Chrome and then found and deleted the folder that contained the origin of the malware.
I wasn’t able to do much research on my own, mostly because I didn’t really know how to, but everyone online (possibly including Mozilla themselves) who was infected by the malware believed that Chrome downloaded the malicious Firefox extension. The main reason people believed it was because not only did the malware only seem to infect users who had both Chrome and Firefox installed but the origin of the malware would keep reinstalling itself until you removed either Chrome or Firefox and stuck with just one browser.
The old search engine hijackers were honestly the worst malware I had to deal with somewhat regurarly
Anything more serious either cleaned up with malwarebytes or warranted reformatting the hard drive, but the hijackers were relatively easy but annoying and tedious to get rid off
To be fair her teaching assistant put it on there and she has a tendency of clicking on everything and just isn’t computer literate at all so it was more of an inevitability than anything. It installed a reskinned Chromium that redirected searched so it wasn’t super bad. is ran MalwareBytes and got a few more possible threats too. Glad it wasn’t anything super severe. I’m out of practice lol.
Me too, and I’m surprised how I haven’t. As a kid I used to pirate stuff from tons of shady websites without any antivirus software on an outdated Windows XP.
That one time back, from so long ago, when I was less techy than 2024 me, when everytime I opened my old Android phone, the browser would open up a Thai porn site. I went to the applications list on that old phone, and found an empty app with no icon and uninstalled it, and it stopped happening.
Just had it. Haven’t seen an ad in ages, but there’s some issues with YouTube, so I am watching my course on their shitty website. It literally showed me an ad of a man peeing.
Dang, I have no clue how I would explain the future to my kid self.
Yeah, I also stopped using it, but I was following a self defense course. I just wish more people/websites would host their own videos and I could just pay in a simple way (so not bc).
Don’t remember how it happened but when I was a kid I got this virus on my laptop that would randomly open hundreds of Firefox tabs with this picture of Jeff the killer, with screaming audio at maximum volume and flashing black and white so fast it def would have killed an epileptic. Probably the most scared I’d ever been at that point. It also turned on my webcam light every time it happened, so somewhere on some filthy shut ins hard drive is a video of me at 12 years old throwing my laptop
Reminds me of that one time someone on some forum linked to a Jeff The Killer screamer site (basically the same thing you’ve described) and I clicked on it.
It initially didn’t even work, because I was using NoScript at the time… So I disabled NoScript temporarily and refreshed the page. It being about 2 in the morning and the speakers being tuned up didn’t help.