There are many ways malware gets installed on your computer, but it almost always depends on you performing a specific action, such as clicking on a button, a "hot spot" or a link. You probably receive emails with buttons or links all the time. You are presented with buttons or links on web sites too. The button may have words like CLICK_TO_SUBSCRIBE. The hot spot may be embedded in a picture of a deal, a product or an exotic location. The link may look like it will take you to one place, such as TRACK_YOUR_PACKAGE or BUY_NOW, when in reality it will take you somewhere else and start the process of installing the malware.
The major browsers, including Internet Explorer, Firefox and Chrome, all have a feature that can help you avoid making a terrible mistake. Before you click on anything, simply hover over it. You can then determine where you are really going to be sent before you click.
Here is a link, LOOKS_LIKE_IT_IS_A_SAFE_PLACE, which appears to be safe. Now take your mouse or trackball and simply point at this link without clicking. If you are using IE, Firefox or Chrome, look at the very bottom of the screen on the left-hand side and you should see the actual underlying link appear in a gray shaded area. Note how this is different from the text displayed over the link.
Examine links very carefully. Links (like looks) can be deceiving. The most dangerous ones will contain a file name with a suffix of EXE or ASP buried somewhere in it. EXE (executable) and ASP (active server pages) are two types of files that are actually program code. Click on one of these and you will execute this program code on your computer, granting it all the rights, privileges and access that you have. Think twice before clicking if the link is not someplace or something you recognize. Look closely, since even one or two characters or numbers can make a huge difference.
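The same look-before-you-click check can be run over every link in a saved message at once. The Python below is an added example, not part of the original article: it lists where each link really goes, warns when the visible text names a different site, and warns on the EXE and ASP suffixes mentioned above. The names `LinkCollector` and `audit_links` and the sample domains are made up for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

RISKY_SUFFIXES = (".exe", ".asp")  # the two suffixes the article singles out
DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

class LinkCollector(HTMLParser):  # gathers (visible text, href) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def _bare(host):
    return re.sub(r"^www\.", "", host.lower())

def audit_links(html):
    """Return one dict per link: text, real destination host, warnings."""
    collector = LinkCollector()
    collector.feed(html)
    report = []
    for text, href in collector.links:
        target = urlsplit(href)
        host = _bare(target.hostname or "")
        warnings = []
        shown = DOMAIN_RE.search(text)  # does the visible text name a site?
        if shown and host:
            claimed = _bare(shown.group(1))
            if host != claimed and not host.endswith("." + claimed):
                warnings.append("text names %s, link goes to %s" % (claimed, host))
        if target.path.lower().endswith(RISKY_SUFFIXES):
            warnings.append("link ends in a risky file suffix")
        report.append({"text": text, "host": host, "warnings": warnings})
    return report

# Constructed sample message; .example and .test are reserved domain names.
SAMPLE = """<a href="http://updates.badsite.test/track/invoice.exe">TRACK_YOUR_PACKAGE</a>
<a href="http://mybank.example.badsite.test/login">www.mybank.example</a>
<a href="https://www.mybank.example/statements">mybank.example</a>"""
print(*audit_links(SAMPLE), sep="\n")
```

A link whose text is only a label, like TRACK_YOUR_PACKAGE, cannot be compared against anything, so the reported host is what you still have to read for yourself.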
Be aware that the bad guys go to extreme lengths to make the messages appear very authentic. You might believe it came from your bank or credit card company, eBay, PayPal or other popular sites. The counterfeit messages are often almost indistinguishable from the real deal. Do not click on links in the email. Instead, go directly to the company site, sign in and see if the same message is there. If you don't have an account with that service, it is unlikely the message is real. Delete it.
To drive the point home I wrote a little poem:
It only takes one click to make a computer sick.
Then it will take days to erase its malaise.
So remember my sneaky browser trick
And take a quick look before you click.
Follow me on Twitter @JPuglisiLLC