How malware can infect your PC

Applies to: Security, Windows

This page describes the most common ways that malware can find its way to your computer.

Spam emails

Malware authors often use tricks to try to convince you to download malicious files. This can be an email with an attached file that the message describes as a receipt for a delivery, a tax refund, or an invoice for a ticket. It might say you have to open the attachment to get the items delivered to you, or to get money.

If you do open the attachment, you'll end up installing malware on your PC.

Sometimes a malicious email will be easy to spot—it could have bad spelling and grammar, or come from an email address you've never seen before. However, these emails can also look like they come from a legitimate business or someone you know. Some malware can hack email accounts and use them to send malicious spam to any contacts they find.

To prevent your PC from being infected, it's a good idea to consider the following:

  • If you aren't sure who sent you the email—or something doesn't look quite right—don't open it.
  • If an email says you have to update your details, don't click on the link in the email.
  • Don't open an attachment to an email that you weren't expecting, or that was sent by someone you don't know.

To learn more, see Keep your computer secure at home.

Infected removable drives

Many worms spread by infecting removable drives such as USB flash drives or external hard drives. The malware can be automatically installed when you connect the infected drive to your PC. Some worms can also spread by infecting PCs connected to the same network.

There are several things you can do to avoid this type of infection:

Bundled with other software

Some malware can be installed at the same time as other programs that you download. This includes software from third-party websites or files shared through peer-to-peer networks.

Some programs will also install other software that Microsoft detects as potentially unwanted software. This can include toolbars or programs that show you extra ads as you browse the web. Usually you can opt out and not install this extra software by clearing a check box during the installation.

Programs used to generate software keys (keygens) often install malware at the same time. Microsoft security software finds malware on more than half of PCs with keygens installed.

You can avoid installing malware or potentially unwanted software this way by:

  • Always downloading software from the official vendor's website.
  • Making sure you read exactly what you are installing—don't just click OK.

Hacked or compromised webpages

Malware can use known software vulnerabilities to infect your PC. A vulnerability is like a hole in your software that can give malware access to your PC.

When you go to a website, it can try to use those vulnerabilities to infect your PC with malware. The website might be malicious or it could be a legitimate website that has been compromised or hacked.

Vulnerabilities are fixed by the company that made the software. The fixes are sent as updates that you need to install to be protected. This is why it's extremely important to keep all your software up to date, and remove software you don't use.

If your software isn't up to date, you could also get repeated alerts about the same threat, so be sure to update your software.

Other malware

Some types of malware can download other threats to your PC. Once these threats are installed on your PC, they will continue to download more threats.

The best protection from malware and potentially unwanted software is an up-to-date, real-time security product, such as Windows Defender Antivirus for Windows 10 and Windows 8.1, or Microsoft Security Essentials for Windows 7 and Windows Vista.