When personal computers were new, having one in your home was a kind of hobby. Every user needed some serious technical expertise. System won’t start? Open the case, pull the expansion cards, polish their terminals with a pencil eraser, and reseat them. If that didn’t work, you could join your fellow hobbyists at a PC Users’ Group meeting and ask around. You might solve other problems by tweaking arcane settings in the CONFIG.SYS file. Fun stuff, for sure! Computers these days are no longer a hobby, just a boring commodity. Here’s a thought to spice up your life—why not get your computer infected with malware?
What if you turned on your computer and it flashed a warning that the government is investigating you? Or opened your browser only to confront a blizzard of fun and colorful ads? Who knows, maybe your computer could be among the zombie army enlisted by a bot herder to take down a major website using a DDoS (Distributed Denial of Service) attack! Wouldn’t that be cool?
In truth, if you want to open yourself to the full malware experience, you’re going to have to do a little work. Modern operating systems and computers are just too darn nanny-state protective, and just about every new computer comes with a security suite preinstalled. Here are some tips to ease you into the exciting world of malware.
Pick the Right Device
Love your Mac? Your iPad Pro? Well, for now, you’ll have to put them aside. There’s no doubt that malware for macOS exists, but there’s no telling how long you’d have to wait for an attack to hit. As for iOS, fuhgeddaboudit! Everything that makes macOS trouble when you’re trying to get cozy with malware goes double for iOS.
What you need is a good old PC, and I do mean old. The older the Windows version the better; newer editions have some annoying built-in security features. If you can find a box running the antiquated Windows 95, that’s golden! Microsoft ended support for this precious antique operating system in 2001, so hackers have had more than 20 years to exploit it.
If you can’t come up with a Windows device, go for Android. That’s what the malware writers do! Lots of Android devices get stuck at an old Android version because the vendor doesn’t support updates, including security updates. Lollipop, anyone? Google is working to tamp down the scourge of Android fragmentation, but there are still a lot of vulnerable phones out there. Got an old phone you threw in a drawer? Revive it and you’re golden!
Evade Malware Protection
If you’re trying for the malware infection experience, obviously you don’t want malware protection installed. That would defeat the whole purpose! But hold on, don’t just delete your antivirus; it’s not as easy as that.
Here’s the problem. Microsoft doesn’t trust you to handle life without malware protection. If Windows 10 (or 11) detects that you don’t have any other antivirus running, it forcibly turns on Microsoft Defender Antivirus. In years past, that wouldn’t have been a problem, because the old Windows Defender was so lame. But unfortunately, the latest Defender is showing better and better test results.
You might think you can turn off Microsoft Defender by digging into security settings and turning Real-time protection off. However, Defender keeps running scheduled scans, so that’s not a real solution. In any case, it doesn’t stay turned off. Yes, if you’re a PC wizard you can make a bunch of changes using Registry Editor and Group Policy Editor to put a stake through Defender’s heart. Are you a wizard? I didn’t think so.
Your best bet is to check our reviews of antivirus software and pick one with a poor score. You can also try keeping your existing antivirus program active but with scheduled scans and real-time protection turned off. Better yet, use an older version of Windows, one without all the security padding.
Tell the Browser to Shut Up
Modern browsers think they know everything. Download this, but don’t download that. This website is OK, but you can’t go to that one. Throw off the tyranny of the browser! You’re the one in charge, after all. While you’re at it, remove any browser extensions that rudely get in between you and those fascinatingly dangerous pages.
Naturally, the way you escape oppression differs between browsers. In Chrome, click Settings from the menu, click Security & Privacy, click Security, and set Safe Browsing to “No protection (not recommended)”. While you’re there, turn off secure connections and secure DNS.
If you’re partial to Edge, choose Settings from the menu, click Privacy, search, and services, and scroll down to the Security section. Found it? OK, turn off Microsoft Defender SmartScreen.
Firefox users should click Options, select the Privacy & Security tab, and un-check the box titled Block dangerous and deceptive content. Are you using Internet Explorer? Congratulations! Microsoft is trying to sweep IE under the rug, so it may be more susceptible to malware. To be sure it doesn’t interfere with your malware mission, press Alt+T to bring up the Tools menu, select Windows Defender SmartScreen Filter, and turn that feature off.
That’s it! You’re free to surf all the web, not just the places your killjoy browser permits. Check out shady links, off-color blogs, sites offering free screensavers, anyplace you can imagine.
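An added example, not part of the original article: a Python check that reads a Firefox prefs.js and a Chrome profile Preferences file and reports whether the protections described above have been switched off. The sample file contents are constructed, and the check assumes the settings live in the profile files rather than being enforced by enterprise policy.

```python
import json
import re

# Firefox's "Block dangerous and deceptive content" box is backed by these two
# prefs; both default to true and only appear in prefs.js once changed.
FIREFOX_PREFS = ("browser.safebrowsing.malware.enabled",
                 "browser.safebrowsing.phishing.enabled")
USER_PREF = re.compile(r'^user_pref\("([^"]+)",\s*(.+?)\);\s*$')

def audit_firefox(prefs_js_text):
    """Return the Safe Browsing prefs that prefs.js explicitly sets to false."""
    overrides = {}
    for line in prefs_js_text.splitlines():
        match = USER_PREF.match(line.strip())
        if match:
            overrides[match.group(1)] = match.group(2)
    return [name for name in FIREFOX_PREFS if overrides.get(name) == "false"]

def audit_chrome(preferences_json_text):
    """Classify Chrome's Safe Browsing level from a profile Preferences file."""
    sb = json.loads(preferences_json_text).get("safebrowsing", {})
    # A missing key means the default (standard protection) is still in effect.
    if not sb.get("enabled", True):
        return "no protection"
    return "enhanced" if sb.get("enhanced", False) else "standard"

# Constructed sample inputs (not taken from a real profile).
SAMPLE_PREFS_JS = '''// Mozilla User Preferences
user_pref("browser.safebrowsing.malware.enabled", false);
user_pref("browser.safebrowsing.phishing.enabled", false);
user_pref("browser.startup.page", 3);
'''
SAMPLE_CHROME = '{"safebrowsing": {"enabled": false, "enhanced": false}}'

if __name__ == "__main__":
    print("Firefox protections disabled:", audit_firefox(SAMPLE_PREFS_JS))
    print("Chrome Safe Browsing level:", audit_chrome(SAMPLE_CHROME))
```

A non-empty Firefox list or a Chrome result of "no protection" means the machine is in the state this section describes and the setting should be turned back on.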
At PCMag, we infect computers with malware deliberately, to test security products, and we have our own methods for collecting malware samples. If you’re impatient to get the malware party started, there are plenty of resources available to the public. Check out the Contagio Malware Dump site, or this list of malware-hosting sites curated by a security expert. Bear in mind, though, that you’ll miss out on the fun of wrestling malware in the wild.
Click All the Links!
OK, you’ve removed the obstacles to acquiring a malware infection. Now what? Where’s the malware?
The first place to look is your email account. Skip those familiar emails from your boss, and your Aunt Esmeralda. Look for oddball messages from unfamiliar folks. If you don’t find them, check the junk mail folder. When you find an offer to meet a Ukrainian bride, or receive millions from your long-lost Armenian cousin, click the link to see what they want to show you.
If the web page indicates you need to install a new video codec or driver or whatever, go right ahead! It might be a boring update, but it could be some cool malware. If you don’t see anything interesting, don’t give up. Some malware works behind the scenes. But if you’re lucky you might see an entertaining screen like the one above. Don’t worry; the Mounties aren’t really after you. This malware is just bluffing.
Don’t stop with links in your email messages. If you see a weird ad while surfing the web, take the bait! It might be just some offbeat new product, but it might also be a hacker trolling for PCs to infect with malware.
As you travel the byways of the web, you may find yourself confronted with a big antivirus warning. Weird, since you neutered your antivirus protection, right? But it’s actually cool. Real antivirus products don’t get in your face unless you install them. You’ve scored a scareware installation, most likely. Typically, it’ll scan for malware at no charge, way faster than real security software, and then ask you for cash to disinfect what it “found”. Far from removing malware, it probably planted some goodies for you to find later.
Get Free Storage With Free Malware
You don’t pay for USB thumb drives, do you? I mean, people are giving them away all over the place. Go to a boring lunch about timeshares, you get the prospectus on a thumb drive. Your kids may bring homework from school on a thumb drive. If you can wangle your way into the Press Room at Black Hat or another security conference, you’ll find a wealth of press releases on thumb drives. The security wonks think they’re too smart to take them, which just leaves more for you.
You’ve heard the expression, “See a penny, pick it up, all the day you’ll have good luck.” Surely it’s even better luck to find a thumb drive on the sidewalk, or in the parking lot! Grab that sucker and plug it right into your computer.
Most USB malware is courteous enough to launch automatically when you plug in the drive. If nothing launches, explore what’s on the drive, see what kind of interesting programs are waiting for you to activate them.
If you’re using an older computer, you could be in for some free fireworks. Originally demonstrated at Black Hat, now marketed as a tool for testing, the USB Killer uses your computer’s own USB power to charge up its capacitors, then zaps the PC with 200 volts. If the hardware isn’t properly buffered, the results can be exciting. The very latest USB Killer device carries its own battery, so it can “test” even a turned-off PC.
Don’t be disappointed if the thumb drive doesn’t seem to contain anything interesting. Some super-tricky ones lie to your computer, saying “I’m a keyboard!” They go on to “type” commands that secretly take over your computer, without any visible evidence. And, if nothing else, you got yourself a free thumb drive!
The Joy of Ransomware
Malware that pretends you’re wanted by the Mounties or the FBI is cool. Adware’s flashing plethora of ads can be as entertaining as a kaleidoscope. And your heart surely pounds with a frisson of alarm and excitement when you find that a banking Trojan has emptied your account. But there’s nothing to compare with a full-blown ransomware attack, especially when you’ve disabled any dreary ransomware protection that might be cluttering your PC.
Basic file encryption ransomware can be entertaining. After it has encrypted your documents, it typically displays a colorful ransom note in several different ways. Some types change your whole desktop to a ransom note. Others display the note in your browser, or in Notepad. You get to decide whether to go through the cloak-and-dagger ransom payment process or to enjoy starting fresh, without the baggage of those tedious old documents.
File encryptors are OK, but for real heart-pounding thrills, you want a whole disk encryptor like the infamous Petya ransomware. Watching Petya in action is a gripping experience, like watching a spy movie.
First, it reports a system crash, and it looks exactly like the real thing. You wait, in suspense, while it (supposedly) creates the crash report. Then it reboots the system. On reboot, you see a plain text screen warning that CHKDSK is repairing the file system and that if you turn off the PC you could destroy all your data.
But surprise! That’s not CHKDSK, it’s Petya. And it’s not fixing your file system, it’s encrypting the whole disk. When it’s done, a flashing red/white skull image offers a colorful clue that you’ve got real trouble.
When you tap a key, the skull changes to a garish (but non-flashing) ransom note. Alas, this may be the end of your malware experiments, unless you choose to pay the ransom and hope for the best. But you certainly went out with a bang!
Take the Safe, Boring Path
What’s that you say? You like it when using your computer is boring? You don’t want to experience the excitement that comes when you invite malware into your life? You’re free to rejoin the sheeple herd. But even while you’re busy putting your blinders back on, you can get some use out of this article. Just follow all the steps and suggestions but in reverse.