Viruses and other safety issues - Kunnskapsbasen
Viruses and other safety issues
Owning a computer today is an increasingly large responsibility. A computer presents many opportunities, but also opens doors for people who wish to gain at the expense of others. It is important to be aware of what can be done to protect yourself and your computer from such attacks.
Norsk versjon - Virus og andre sikkerhetsrisikoer
There are many specialized terms referring to safety and safety threats. It can be useful to have an idea of what the most important of these terms mean to gain a better understanding of articles that describe problems and solutions.
A Virus is by definition a program that replicates itself and "infects" other computers. It doesn't necessarily have to be harmful, but the term is most often used to refer to all undesired software.
Malware (a contraction of "malicious software") is a term describing a program that doesn't necessarily replicate itself, but is intended to cause problems on your machine.
Adware (a contraction of "advertisement software") refers to all software that supplies unwanted advertisements to your computer in various forms, usually in the form of the pop up windows in the your browser.
Spyware watches what you are doing on your computer and sends this data to potentially malicious hackers. It is worth noting that this type of software can sometimes be used by friendly services as well. One example is Google using something similar to spyware to show you advertisements that might interest you based on your browsing habits.
A Trojan is a program that, just like the Trojan horse, is made to create an entrance for hackers into your computer through the Internet.
A botnet is one of the more potentially dangerous threats on the Internet. It is a program that, worst case scenario, allows a hacker to take full control of your computer. Such software is seen as such a serious threat that many Internet providers have software that actively searches for botnet activity among their users. Suspicious finds will lead to the user being warned; NTNU is no exception to this.
Phishing is a term referring to malicious users sending emails in which they claim to be from an administration or other authority. They generally ask for your log in information for accounts you have access to, usually email. If you send them this information they will use your account to spam other users.
What does security usually fail?
Email: Many users are infected by viruses when they open infected files that arrive as attachments in emails. This can be files that the sender has attached himself, but that have been infected by a harmful program on the senders computer. When one opens the file on another compuer, an underlying script in the file will execute and install itself on your computer, spreading the "disease".
It has become increasingly common to receive emails containing text and links. The text is meant to spark your curiosity so that you will be tempted to click the link. By opening the link, an invisible program is able to install on your machine, and will then continuing spreading itself by sending emails to people in your address book.
MSN and other chat programs: It is increasingly normal to receive links in chat programs such as MSN that may infect your computer in the same way as emails.
Fake anti-virus software: These enter your computer by first infecting your computer with a tiny, very simple program. All this program does is open a facsimile Windows notification bubble in the lower right corner of your start bar. This is designed to look like a Windows notification and tells you that your computer may have a virus. It further recommends that you download and install anti-virus software on your computer by clicking a link. After you have done this it pretends to scan your computer and reports it to be virus infested. The software offers to remove the "viruses" if you pay for the program.
Camouflaged software: On in the Internet, there are dozens of free, useful programs. The problem is that it is not always easy to tell if the source can be trusted. It is important not to blindly trust whatever you find.
Phishing: At NTNU, we often see emails where the sender claims to be from NTNU IT and wants you to send them your username and password. Never give them this information as they will use it to send spam. As a consequence your email may be blacklisted by different email servers such as Hotmail and Gmail.
Infected USB sticks: One less common phenomenon are USB sticks that have been infected and then infect all computers they are inserted into. The problem here is that USB sticks generally are capable of autostart upon being connected to a computer.
What preventative actions can I take?
There are a number of actions and general knowledge that one can acquire to hinder the majority of safety threats. It is worth noting that not matter how careful you are, you can always be unlucky and get a virus on your machine. It happens to the best of them.
Things your should do and things you should know:
Anti-virus: There is no doubt that anti-virus software one of the most important measures you can take to protect your computer. NTNU offers Antivirus free to employees. Note that if you install NTNUs Antivirus you should remove other antivirus programs you may already have, as these can work against each other and render your computer useless.
NTNU does not offer free Antivirus for students. We recommend Windows users to use Windows Defender, do you have Mac read more here.
Update your software: This shares first priority with having antivirus software. Keeping programs updated on your computer is very important. This means especially your operating system and antivirus software, but in general all programs that can access the Internet should be kept up-to-date.
The reason for this is that hackers around the world are constantly trying to find security glitches in the various operative systems and programs that exist. Every time such a hole is found, it can almost be guaranteed that someone will write a virus to use it. After a certain amount of time, the developers of the software will find the security hole and send out an update that fixes the issue. If you do not download these updates, the security holes will not be patched and your computer will be at risk.
Email attachments: If you receive an attachment in an email your take some precautions before you open the file. Run an antiviral scan on the file. If the file is a .exe file that you have to needed to be sent you should not open it until the sender discloses the purpose of sending it.
General trickery: There are millions of Internet users. It is therefore unfortunately profitable to try and trick people to think that can make money when, in fact, money is being stolen. Even though only 2% of users fall for such tricks, this can be more than enough to be worth the imposters' time. Rule of thumb:// Remember the saying "There is no such thing as a free lunch". If something seems too good to be true, it probably is. You never win a lottery you haven't signed up for, there are no Nigerian bankers who want to share money with you and the cheap medication is hopefully nothing more harmful than sugar pills.
Fake antivirus software: Make sure to identify any software before you install it. This type of virus can be tricky to get rid of. As discussed earlier, this virus appears first as a notification bubble in the corner of your screen. Do not approve it. To remove the virus that makes the notification appear, you should first Google the details in the notification to identify which false antivirus it it. You may then find a guide to help you remove that particular strain of virus.
Camouflaged software: The best way to make sure a program doesn't have malicious intentions is to download it from somewhere else. An example of such a place is Cnet
USB sticks: It is imperative to be critical when using foreign USB sticks. If you don't trust that the owner of a USB stick can protect himself, you should be skeptical to inserting the stick into your computer. The reason for this is that the way USB sticks are opened makes it possible to sneak install a program in your machine as soon as the stick is inserted. There are programs to hinder such autostart scripts from running when you connect the USB. An example of such a program is Panda USB Vaccine
Unknown web addresses: If you are sent a link by email, MSN or through another website such as Facebook, be critical. Remember that the link is created to make you curious, and the consequences of one click can be undesirable. Consider the following:
- Is the person sending you the link likely to send you the type of content that the link claims to contain?
- Is the writing in the message typical of the sender? (Remember that everyone can use Google translate to create messages in any language!)
- Is the link address itself suspicious? (Is the website it links to called "YooTube"? It is a common trick to create websites with names very similar to other websites, or with names that could easily be typos if someone is actually write a different address). If you are in doubt, you can always answer the mail and ask if the sender sent the link himself.
Phishing: There's not much to do in this case except be aware that such mails do exist, and if you receive such a mail, just delete it. Rule of Thumb:// No serious services will ever ask for your password. There is nothing they can't do without your password. Always keep your password secret!
When the damage has already occurred
Notify Section for Digital Security
The first thing to do is to notify NTNU SOC via e-mail or by phone. We can give you advice and guidance on what to be done. It's also important that you notify us so we can prevent more people from being defrauded. Your contribution is important in order to make every day safer for all of us in NTNU. See contact details below. To report a suspicious email, follow this guide.
Block credit card and/or other payment solutions at risk
If you have been advised to give credit card details, you must make sure to block credit cards and inform the bank that you have been defrauded.
If your password has been exposed, this must be replaced
If you suspect that username / password has been exposed then you must change your password.
Read more about Online Fraud Sikresiden.no
Seksjon for digital sikkerhet, IT-Avdelingen
PGP (public key): 0xEFF99109C95AF4BF
Phone.: +47 906 64 350