Computer users need to stay vigilant against cyberattacks through downloaded viruses and malicious software (malware). These attempted attacks are very common and not always easy to spot, some disguising themselves as search toolbars or even antivirus software! They can have severe consequences ranging from data loss to identity theft, including theft of financial information and funds.
How can I protect my computer?
Always keep your software up to date so you receive any critical software patches. IU recommends the following security software, provided at no cost to students and employees:
Avoid these traps: fake antivirus & autorun
Antivirus scams
One of the most popular scams works by frightening computer users into downloading fake antivirus software. Also known as “scareware,” this often starts with messages popping up onscreen, warning that a virus has been detected and must be removed by downloading the “antivirus” software.
The antivirus scam is a double threat: scammers can gain access to credit card information used to purchase the fake software, and install malicious code through the download.
If you’re getting a pop-up message or ad prompting you to download software or offering a “scan” of your computer, DO NOT CLICK. The safe way to get legitimate antivirus software is directly through a trusted vendor’s website, not a pop-up or advertisement. IU provides free, reliable antivirus software through IUware.
If the window is still open, quit your browser, turn off your computer, and log into a different terminal to report the incident.
Disable autorun
Files and applications with an “autorun” function will start automatically when a disc or drive is connected to your computer. While this may be convenient for installing programs, it can also allow viruses and malware to hide on a disc or USB drive and launch as soon as the infected item is inserted.
Disable autorun and autoplay functions to protect against these attacks.
There is no way to know what the drive contains without connecting it to your computer, so you need to disable autorun and autoplay in order to view files without launching them. Don’t open files if you don’t know what they contain, and be especially wary of any file named “autorun.inf.”
- Disable autorun features. This means that CDs and USB devices will not autoplay when inserted and you will not be prompted for action every time any device is connected to the computer.
- Prevent autorun.inf creation on file shares. Do not allow users to write to the root of file shares. Instead create a folder structure inside the share for users.
- Prevent use of USB devices on computers. With group policy you can easily prevent USB devices from mounting on Windows computers. With a little more work, you can also allow pre-approved devices. This will help stop the spread of any virus through USB devices since the devices themselves will no longer work on these computers.
Any computer that has autorun enabled can be vulnerable to this type of attack. As an example of how this can occur, recently a server administrator at IU was using Identity Finder to scan a server for sensitive data. The administrator mapped a drive to a file server and, shortly after, the local firewall and anti-spyware program began alerting on outbound Internet connections and registry changes.
Now alerted that something was wrong, the system administrator discovered an autorun.inf file on the root of the share that was previously mapped for scanning. The autorun.inf started an autorun.exe that turned out to be a trojan that was not recognized by Symantec Antivirus. The system administrator contacted the University Information Security Office at it-incident@iu.edu. Working with the system administrator, we searched for other compromised computers and submitted a virus sample to Symantec, who quickly released a virus definition update that recognizes the Trojan W32.SillyFDC.
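One way to check the root of a drive or mapped share for an autorun.inf like the one in this incident, and list what it would launch without running anything. This is an added example, not IU's own tooling; the function names and the sample file contents are constructed for illustration.

```python
import os
import re

# [autorun] keys that make Windows start a program from the drive.
LAUNCH_KEYS = ("open", "shellexecute")
SHELL_VERB = re.compile(r"^shell\\[^\\]+\\command$")  # e.g. shell\open\command

def launch_commands(text):
    """Return [(key, command)] for each launch entry in autorun.inf text."""
    found, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        # Parsed line by line so malformed or junk lines do not stop the audit.
        if section != "autorun" or "=" not in line or line.startswith(";"):
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if value and (key in LAUNCH_KEYS or SHELL_VERB.match(key)):
            found.append((key, value))
    return found

def audit_root(root):
    """Read (never execute) any autorun.inf at the root of a drive or share."""
    for name in os.listdir(root):
        path = os.path.join(root, name)
        if name.lower() != "autorun.inf" or not os.path.isfile(path):
            continue
        with open(path, "rb") as fh:
            data = fh.read()
        # Usually ANSI text; some files are UTF-16 with a byte-order mark.
        if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
            return launch_commands(data.decode("utf-16", errors="replace"))
        return launch_commands(data.decode("latin-1"))
    return []

# Constructed sample modelled on the incident above (not the real file).
SAMPLE = (
    "stray line before any section\n"
    "[AutoRun]\n"
    "open=autorun.exe\n"
    "icon=folder.ico\n"
    "shell\\open\\command=autorun.exe\n"
    "[other]\n"
    "open=ignored.exe\n"
)

if __name__ == "__main__":
    for key, command in launch_commands(SAMPLE):
        print(f"{key} -> {command}")
```

Any non-empty result from `audit_root` on a share root means a program is set to launch on computers that still have autorun enabled.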
Ransomware
Do you know what it is?
Ransomware, which holds your files for 'ransom', is a very real threat. When a computer becomes infected/compromised with ransomware, it begins to encrypt the files so no one can access them without paying a fee. Once the files have been encrypted, ransomware then displays a message about how you, supposedly, can gain access to your files by paying a ransom. There is no guarantee paying the ransom will allow you to regain access to those files.
How can I prevent ransomware's effectiveness?
If your department has any servers, you should scan them regularly. Be sure to resolve any issues the scanner identifies. The vulnerability scanner offers advice on how to fix known issues, so you aren't left in the dark. Don't forget to scan your websites. The vulnerability scanner can help protect those web applications, as well.
Backups are critical
Good backups are critical. If, for whatever reason, your system becomes infected, the best course of action is to restore a fresh copy of the files from your backup. Don't forget you should regularly test your backup process to ensure it is working and that you can restore those files when needed.
Apply updates to applications and operating systems
Be sure your systems are fully patched. Often, we make sure the operating system is patched, but we neglect applications. Yes, it is possible for someone to compromise a computer through a vulnerable application. It is crucial that you keep applications updated. Adobe Flash and Oracle Java are among the applications known to often have exploited flaws that are unknown to the vendor (also known as zero-day vulnerabilities).
Avoid phishing scams
Last, but not least, watch out for those phishing scams. According to CSO Online, 93% of phishing emails are now ransomware. Phishing scams are fraudulent messages that appear to come from legitimate people or institutions. IU's Phishing website can help you to understand more about the risks and how to prevent yourself from becoming a victim of phishing.