Since the start of the New Year the Help Desk has received over 46 calls regarding computers infected with viruses and spyware. In the first 4 days of March alone we had 8 viruses reported!
They say “Prevention is the Best Medicine,” and that is true for computers as well.
We need YOUR help to prevent these infections from happening in the first place. Here are some reasons why:
- Viruses may be malicious and may steal your data.
- Viruses can damage the Windows installation and corrupt data.
- Spyware and viruses slow down your computer and our network.
- Removing a virus from a computer can take hours, possibly days depending on the severity.
- If the Help Desk is spending an excessive amount of time cleaning viruses, we are unable to work on other important computer issues reported to us, resulting in longer wait times for you.
So how can YOU help?
First, let us explain some common terminology, because we can’t fight an enemy we don’t understand.
Some common types of viruses are:
Trojan: a program that appears desirable and is disguised as legitimate software, but actually contains something harmful; the term is derived from the classical myth of the Trojan horse. The software may look useful or interesting to an unsuspecting user, but is harmful when executed. E.g. "when he downloaded the free game (screensaver or music, etc.) it turned out to be a Trojan horse."
Rootkit: a tool that captures passwords and message traffic to and from a computer. It is software designed to replace specific components of an operating system, so that once installed it creates back doors in the compromised system, allowing continuous system access to the cracker even if the root password is changed, or if a system reconfiguration is performed.
Malware: the generic term for software that is designed to do harm; a contraction of 'malicious software'.
Finally, the type that is becoming more and more prevalent and persistent is called Rogue. This is what is currently causing the majority of problems on campus. The positive thing is that this type of virus may easily be prevented by the user. So please read on!!!!
Rogue: Rogue security software, also known as "scareware," is a form of computer malware that deceives or misleads users into paying for the fake or simulated removal of malware/viruses. Rogue security software, in recent years, has become a growing and serious security threat in desktop computing.
Creators of Rogue software rely on visitors to wittingly install their "AV program." They do this by creating web pages which seem like authentic copies of legitimate screens in Windows operating systems. These web pages make visitors believe that their machine is infected with several malicious programs and that the offered "AV program" can help them clean it. Once the rogue program is installed, the victim has to pay money to get it "working" or, in some cases, to even uninstall it. (Some rogue versions even steal local data and install keyloggers.)
In order to get people to visit the web sites serving rogue programs, the attackers use different routes.
Watch out for fake virus alerts
The web pages they use to scare the visitor look almost exactly like Windows' Security Center. Here are a few examples (screen shots) of common Rogue programs:
These windows aren’t real and are not generated by Windows; they are actually images the attackers created. The "Remove all" and "Cancel" buttons also aren't real; they are just part of the image, and clicking anywhere on it will execute the malicious code.
Rogue security software might also attempt to spoof the Microsoft security update process. Here's an example of rogue security software that is disguised as a Microsoft alert but doesn't come from Microsoft.
This is what the REAL Microsoft Windows Security Center looks like:
Rogue security software might:
• Lure you into a fraudulent transaction (for example, upgrading to a non-existent paid version of a program).
• Install malware that can go undetected as it steals your data.
• Launch pop-up windows with false or misleading alerts.
• Slow your computer or corrupt files.
• Disable Windows updates or disable updates to legitimate antivirus software.
• Prevent you from visiting antivirus vendor Web sites.
So how does this stuff get on YOUR computer?
Rogue security software might appear on your screen while you surf the Web as legitimate looking pop-up windows that advertise security update software. The "updates" or "alerts" in the pop-up windows call for you to take some sort of action, such as clicking to install the software, accept recommended updates, or remove unwanted viruses or spyware. When you click, the rogue security software downloads to your computer.
Users looking for articles or news with a search engine may encounter results that, when clicked, redirect through a series of sites before arriving at a landing page that says that their machine is infected and pushes a download of a "trial" of the rogue program.
Rogue software might also appear in the list of search results when you are searching for trustworthy antispyware software. It can also arrive in drive-by downloads, which exploit security vulnerabilities in web browsers, PDF viewers, or e-mail clients to install themselves without any manual interaction.
Rogue software can also be hidden in the following:
- An image, screensaver or archive file attached to an e-mail message.
- Multimedia codec required to play a certain video clip.
- Software shared on peer-to-peer networks.
- A free online malware scanning service.
- A browser plug-in or extension (typically toolbar).
How can you PROTECT yourself?
YOU are the best and first line of defense
If a window pops up in your web browser indicating that you have a virus or a malicious program on your PC, DO NOT CLICK IT or anywhere in the window! Close the browser immediately by using the X in the upper right-hand corner of the screen.
You can also press Ctrl+Alt+Delete (at the same time) on your keyboard and use the Task Manager to close any suspicious windows.
Contact the Help Desk
When in doubt, call the Help Desk! If we do not answer the phone, please leave us a message and we will call you back as soon as we return to the office. In the meantime, DO NOT click in the window.
Surf and download more safely
• Only download programs from Web sites you trust. If you're not sure whether to trust a program you are considering downloading, enter the name of the program into your favorite search engine to see if anyone else has reported that it contains spyware.
• Avoid downloading pirated software.
• Never click "Agree" or "OK" to close a window. Instead, click the red "x" in the corner of the window or press Alt + F4 on your keyboard to close a window.
• Be wary of popular "free" music and movie file-sharing programs.
• Exercise caution with links to Web pages that you receive from unknown sources, especially if the links are to a Web page that you are not familiar with or are suspicious of. Malicious software may be installed in your system simply by visiting a Web page with harmful content.
• Remember that “free” screensavers, games, videos, toolbars, etc. may be linked to all sorts of viruses and rogue programs.
• Don't open an email attachment, even if it looks like it's from a friend or coworker, unless you are expecting it or know what it contains. If you send an email with an attached file, include a text message explaining what it is.
• Use caution on social networking Web sites (such as MySpace and Facebook).
• Do not believe amazing offers and unlikely stories, and beware of phishing scams.
• Do not trade unknown files with peer-to-peer programs.
Protect yourself from social engineering attacks
While attackers may attempt to exploit vulnerabilities in hardware or software in order to compromise a system, they also attempt to exploit vulnerabilities in human behavior in order to do the same. When an attacker attempts to take advantage of human behavior in order to persuade the affected user to perform an action of the attacker's choice, it is known as 'social engineering'. Essentially, social engineering is an attack against the human interface of the targeted system.
Note about Antivirus Programs
We currently use Symantec Endpoint Protection for protecting systems against viruses and spyware. However, even the most up-to-date anti-virus software may not detect the latest viruses. When a new virus is beginning to spread, it may take up to a week before the virus definitions are readily available to detect it.
What if I am already infected?
Call the Help Desk. We will do a thorough cleanup of your computer.
In the future we will provide some more tips via our website on how to keep your computer up to date and protected.
Updated March 9th 2010