Being a security guy, I’m quite cautious about my internet usage.  I always run anti-virus software.  I never open email attachments or links.  I’ve got a keen eye for spotting scams and malicious software.  I never download anything off the net without running a comprehensive anti-virus scan on the file before touching it.  I always do my security patching, and I stay away from questionable websites.  I arrogantly assumed that I wasn’t the guy that would get infected with malware.  That happens to people with less expertise; with less training; with less diligence.  Boy did I get a rude awakening.

Well, the other day, I navigated to a perfectly legitimate website that, as I found out later, was hijacked.  I navigated to the site, and only a few seconds later noticed my hard drive was spinning with activity, which I found strange.  I hadn’t downloaded anything.  I hadn’t clicked on anything to cause such activity.  But something was happening, and I knew it wasn’t good.  A couple of seconds later, my fears were confirmed:  my anti-virus software popped up saying that it had detected a virus.  The problem is, it was too late. 

It turns out the site exploited a security hole in my browser to download a Trojan Horse into my system.  This Trojan immediately downloaded approximately 10 other viruses (including a dreaded Rootkit) into my system.  The anti-virus software found two of these, but it was too late.  The virus had spread through my system, and there was no getting it out.  I spent 12 straight hours running multiple anti-virus programs, and multiple anti-malware programs, and all sorts of advanced IT tricks known only to us tech gurus to get the viruses out of my system.  I finally got to the point where every single application I ran came up with a clean bill of health for my computer.   Problem solved.  Or so I thought.

One restart later, and there it was again, downloading a host of new viruses into my system.  I eventually threw in the towel and had to erase everything on my computer (including all my programs and data) and start from scratch.

The moral of the story?  Don’t think you’re safe because you’re smart about security.  You can do everything right and it can still happen to you.   And don’t trust that a clean bill of health by your anti-virus software means that you’re safe. 

These  things are pesky, and if you plan on doing anything sensitive like online banking or online shopping, please make sure you invest in a quality security product that protects your information from these types of attacks.  Anti-virus software is not enough.