Malware


Malware includes viruses, worms, trojans and spyware. To keep your computer safe from these, you need to download anti-virus and anti-spyware software: the University provides McAfee VirusScan Enterprise & Spybot.

What is Malware?

Malware is a type of software designed to take over and/or damage your computer’s operating system. Once installed, it is often very difficult to remove, and depending on the severity of the program installed, its handiwork can range in degree from the slightly annoying (such as unwanted pop-up ads), to irreparable damage requiring the reformatting of the hard drive.

The most common types of malware include:

  • Virus – A parasitic program written intentionally to enter a computer without the user’s permission or knowledge. The word parasite is used because a virus attaches to files or boot sectors and replicates itself, thus continuing to spread. Though some viruses do little but replicate, others can cause serious damage or affect program and system performance.
  • Worms – Similar to viruses but are stand-alone software and thus do not require host files (or other types of host code) to spread themselves. They do modify their host operating system, however, at least to the extent that they are started as part of the boot process.
  • Wabbit – Self-replicating malware. Unlike viruses, wabbits do not infect host programs but repeatedly replicate themselves on a local computer.
  • Trojan – Harmful software that is disguised as legitimate software.
  • Backdoor – Software that allows access to the computer system bypassing the normal authentication procedures.
  • Spyware – Software that collects and sends information (such as browsing patterns in the more benign cases or credit card numbers in more malicious cases) about users or, more precisely, the results of their computer activity
  • Key Logger – Software that copies a computer user’s keystrokes to a file, which it may send to a hacker at a later time.
  • Root kit – Software inserted onto a computer’s system after an attacker has gained control of the system.
  • Exploit – Software that attacks a particular operating system or application security vulnerability.
  • Browser Hijacker – A program designed to alter a computer user’s browser settings (bookmarks, homepage, etc.). They can also produce pop-up ads and, in the worst case, redirect your browser to undesirable websites.

How does Malware Spread?

Almost no malware can spread unless you open or run an infected program. More often than not, victims of malware will have unwittingly brought the infection on themselves, as malware is designed to take advantage of the carelessness or laxness of those who don’t take enough steps to secure their computers against attacks.

Opening and running unknown e-mail or Instant Messaging (IM) attachments is the most common way to become infected.

Other common methods of spreading malware are:

  • Downloading infected files using Peer-to-Peer file sharing programs (e.g. Kazaa).
  • Downloading infected files from the web.
  • Putting an infected computer disk (floppy, CD, USB Memory stick, or DVD) into your computer.
  • Clicking on a web site dialog box.
  • Connecting an unsecure computer to the network.

Preventive Measures:

There are six major precautions you must take to help close that window of vulnerability and help keep malware off your system.

  • Never open, accept, or download an unexpected file or click on an unexpected hypertext link.
  • If the file comes from someone you know, don’t open it unless you know what the file is and you were expecting it. Contact the sender by e-mail, IM, phone, or some other method to confirm that what they sent was not malware.
  • Use anti-virus software and keep it updated.
  • Use anti-spyware software and keep it updated.
  • Keep your computer’s software updated (operating system and applications).
  • Use recommended permissions and security settings.

Preventive Measures for Windows Machines:

Note! A security DVD that includes critical patches for Windows, anti-virus and spyware/adware detection software is freely available from the IT Office. The DVD may not include all the latest patches so you will need to run Microsoft Update after you install all patches available on the DVD.

Windows anti-virus Software:

Resident University students, staff, and fellows are licensed to use VirusScan Enterprise (the site license also covers home use).

If you do not have anti-virus software installed:

  1. Download VirusScan Enterprise.
  2. Install VirusScan Enterprise
  3. Configure VirusScan Enterprise

Afterwards, you must perform a virus scan on your computer:

  1. Open the VirusScan Console:
       • Select Programs from the Start menu.
       • Select Network Associates and then Virus Scan Console.
  2. Double-click on the “Scan all fixed disks” task.
  3. On the Detection tab, make sure the following options are ticked:
       • What to scan – all files
       • Scan inside packed executables
       • Scan inside archives
  4. Select the “Scan Now” button.

If you would like to change or update your anti-virus software to VirusScan Enterprise:

To uninstall your current software:

  1. Click Start.
  2. Click on Settings.
  3. Click Control Panel.
  4. Double-click Add or Remove Programs.
  5. Click Change or Remove Programs.
  6. Select your old virus checking software from the Currently installed programs list. You can sort programs by selecting different options in Sort by.
  7. Click Change/Remove or Remove.
  8. Click OK at the prompt.
  9. Once your old anti-virus software has been successfully removed, download, install, and configure VirusScan as described above.

If you choose to use anti-virus software other than VirusScan, it must be configured for daily updates. The Corpus Christi College IT Office only supports McAfee VirusScan Enterprise. To configure your anti-virus software, you will need to refer to the associated user support documentation. Below is a list of the most common vendors:

Norton / Symantec
McAfee
AVG
Sophos
Kaspersky
Panda Security
Microsoft Security Essentials

Update Microsoft Windows (initial update)

  1. Open Internet Explorer. Click on the “Tools” menu, then “Windows Update”.
  2. Click on the “Microsoft Update” link shown below the blue bar
  3. Click on the “Start Now” button
  4. Click on the “Continue” button
  5. When asked if you want to install and run “Microsoft Update”, click the “Yes” button.
  6. Click on the “Scan for updates” link.
  7. Click on the “Review and install updates” button.
  8. Click the “Install Now” button. You may get a message indicating that certain updates such as Internet Explorer 6 SP 1 must be installed individually. If this happens, install the requested updates, reboot and repeat this entire process to pick up the remaining updates.
  9. You will need to agree to the license agreement by clicking on the “Accept” button to be able to go to the next step.
  10. Most, if not all, updates will require a reboot. Click “OK” to restart your machine. Remember to repeat this entire process if step 5 did not allow you to install all available updates during this session.
  11. Subsequent updates will be made by accessing Microsoft’s website as in step 1, but will require fewer steps.

To set up automatic updates:

  1. Go to “Start” > “Control Panel” > “Automatic Updates”
  2. Tick “Automatic (recommended)”
  3. Select “Daily”
  4. Select a time when you normally expect your computer to be turned on and connected to the network.
  5. To update earlier versions of Windows and Office, click on the appropriate link:

Preventive Measures for Macintosh:

Macintosh Anti-virus software.
Macintosh Software updates (operating system) and Microsoft applications for Macintosh.

Preventive Measures for Linux/Unix:

See Unix System Security

Curing an Infection:

  1. Disconnect the system from the network by unplugging your Ethernet lead or switching off wireless. Do not switch it off or reboot it because valuable evidence can be lost.
  2. Report the incident and symptoms of the problem to the IT Office. You can find all necessary contact details for the IT Office here.
  3. Run Stinger from a floppy disk or USB key.
       • Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist you when dealing with an infected system.
       • You can download the Stinger utility to floppy disk or USB key from one of the computers in the student computer rooms.

Other Resources:

University Computing Service Laptop Service Policy
The Help Desk staff offer an appointment-based service for laptops that have been hacked or attacked by a virus or worm. Telephone the University Help Desk on 01223 334 681 to make an appointment. The University Help Desk staff will offer help with desktop machines but are unable to physically receive them.
