Why did I get reinfected within seconds of connection to the internet?

The scenario looks like this: you’re infected with a virus, perhaps more
than one. You spend hours cleaning, scanning, cursing and possibly rebuilding
your machine to a clean state. Everything is clean and wonderful.

Then you connect to the internet.

With seconds (and I to mean seconds) – you’re infected again. Why?
How? You didn’t do anything, right?

Well, that’s part of the problem: you didn’t do something.

All of the following need to be true for you to get reinfected again:

1. You’re not behind a firewall.

2. You didn’t install the patch for the vulnerability that was exploited to
   infect you.

3. There’s an infected machine on the network that can reach you.

Viruses such as Sasser are passed by a type of computer-to-computer
communication that doesn’t involve email or for that matter any action on
your part. If your computer is vulnerable and can be reached, then it can be
infected.

So lets look at each of those three requirements, and how you can prevent
them:

1. You’re not behind a firewall. A good firewall will block
   the type of communication that the viruses use to travel from computer to
   computer. Install one. A broadband router will do. Turning on XP’s built in
   firewall will do. Getting a software firewall will do. But it’s something you
   need to do.

2. You didn’t install the patch for the vulnerability that was
   exploited to infect you. Yes, the fact that there’s a vulnerability is
   a bug in the operating system. But there’s a quick and easy way to fix that
   bug. Install the patches. Stay up to date. Use Window’s automatic update
   feature or visit Windows Update regularly.

3. There’s an infected machine on the network that can reach
   you. Okay, so there’s not a lot you can do about this other than know
   it’s possible. Tracing back what machine is infected is possible, but difficult
   and can be time consuming. Rather than trying to fix some other machine,
   concentrate on protecting your own.