Users keep asking how it happened that their machines became infected with malware, and - occasionally - why their McAfee AV program either did not detect the infection or was unable to remove it. Failure to deal with an infection is thankfully rare, but on those occasions when it happens it's always difficult to explain why it might have happened. Each case is different, and the technical details of what happens when infection strikes are hard to explain (and sometimes harder to understand, or even discover).


I found, in one of the comments to a Brian Krebs article about ChronoPay, a throwaway link to a PDF file produced by a New Zealand-based security researcher. Peter Gutmann works (or worked) at the University of Auckland in the Department of Computer Science, and the article is obviously a summary of a conference presentation rather than produced for the benefit of his students. Although at least a couple of years old, it's recent enough to include references to Stuxnet.


The PDF file is 113 pages long, and contains a lot of information about how malware gets downloaded, and what steps it can take to avoid detection and defeat attempts to remove it. Some of this is not for beginners, but there's nothing too detailed or technical in there; and it's a pretty comprehensive introduction to the malware industry. There is a long diversion into spamming and credit card fraud, and the author clearly has strong views about security shortcomings in the banking sector (but remember this was written a few years ago; things have improved since then. Probably.)


The document has the title "The Commercial Malware Industry" and can be found at