- What are computer viruses?
- Protecting against virus infection
- Free download of UBC licensed anti-virus software
- Avoid disreputable websites
- Updates and patches
- Have I been hacked, cracked, attacked or infected?
- What to do if you've been hacked or cracked
- What not to do if you've been hacked or cracked
- What to do if your computer has been infected by a virus
Viruses are destructive programs and computer codes which attach to other programs, replicate themselves and then seek to spread from one computer to another.
Designed to hide in the background of a system, and be difficult to detect, some viruses are even designed to be "triggered" on a specific date or when a specific program is running. They can also mutate over time or be modified by someone who has access to the code, changing their own content as they replicate. Pirated computer games are frequently infected.
Computer viral infections can:
- Corrupt existing system software
- Harm, destroy or overwrite reserved areas of the operating system or parts of files
- Scramble or delete files from the hard drive
- Display unwanted messages
- Slow down system operations
- Disable certain system functions
- Cause erratic system behaviour
- Prevent or inhibit access by system users
- Provide multiple back doors for hackers and other tools to further spread the infection
Viruses can be transmitted on any platform -- Macintosh, Windows, Unix or mainframe, spreading from computer system to computer system, infecting the host machine or other machines attached to a server or network.
Viruses are always created with malicious intent, but anyone can spread them unknowingly and inadvertently.
Recently a new form of virus, called a cryptovirus, has begun infecting individual computers at a high rate. Cryptoviruses are destructive viruses which encrypt files on your hard drives and mapped network drives. Following encryption, the user is presented with a warning and asked to pay a ransom in order to decrypt the files.
For more information about cryptoviruses and how to protect against them, please see our page on Cryptoviruses.
Basic precautions you can easily take to prevent virus infections include:
- Always use anti-virus software
- Scan any programs you are downloading for viruses before you use them. Many current releases of virus scanning software automatically scan for viruses when files are being downloaded over a network.
Keep your anti-virus software current by downloading the latest virus definitions. Since new viruses are being sent out every day, set up your anti-virus software to download virus definitions automatically and regularly.
Sophos, the anti-virus software recommended by UBC, automatically updates virus definitions, engines and software; other software may use different updating processes. It is free and available to download from the UBC Software Download site.
Check the IT Security Alerts list frequently for the latest virus attack warnings and protections. Occasionally, virus hoaxes or false reports about non-existent viruses will be spread. These may cause some recipients who believe a hoax to be real to take drastic actions, such as shutting down their network. If you receive an e-mail alert about a virus, be advised that it is probably a hoax. (To determine if an alert is a hoax, we recommend that you check the IT Security web site or call the Help Desk.)
Do not open any e-mail attachments unless you are expecting an attachment from someone you know and trust. Delete them without opening them. Many viruses arrive as attached files and can spread by opening address books and mailing themselves to everyone on your contact list. Make sure you scan all your emails with your anti-virus software.
- New exploits often appear first on cracker or warez sites. There may be scripts that can attack or get information from your computer. Some dishonest operators run look-alike web sites that may pretend to be well known companies like eBay or PayPal. Always check the website address closely when asked for personal or financial information and if in doubt, navigate to the known company address yourself. Become familiar with cookie settings and other browser security settings.
- Avoid downloading and installing unknown or unapproved software.
- Do not use illegal or "pirated" software. All software should be acquired from reputable dealers.
- Do not use shareware or public-domain software until you have scanned the program with your anti-virus software.
- Make sure new software is shrink-wrapped, and scan it before using on your computer.
- Scan all USB drives for viruses before using them on your computer, including those containing your backup files.
- Do not use your USB drive on another computer if you suspect that your computer or any of your USB drives are infected.
- Scan the hard drive for viruses on a "new" computer with pre-loaded software or a pre-formatted hard drive before you begin regular computing.
- When acquiring a previously-owned computer, reformat the hard drive to destroy any viruses and to remove illegal copies of software.
- Do not boot your computer with a USB drive that has not been scanned for viruses even if you think the USB drive only contains data.
Viruses target vulnerability gaps that software updates and patches close. Software vendors frequently release critical updates to help eliminate security risks, but they only work if you install them.
- Turn on the Automatic Update feature of your operating system
- Windows Update
- Macintosh Support Updates
If you notice something "odd" about the way your computer is operating, chances are you have reason to be concerned. Look for symptoms and warning signs that include:
- Your computer is running exceptionally slowly, is unable to connect to network services, or is simply not functioning. These symptoms may indicate a "denial-of-service" attack, or that your computer's network has gone down or is running slowly. If you find that you are unable to connect, check to see if others are having the same problem. If the problem is isolated to your system, and you have not received an e-mail notifying you that your network connection has been turned off, the problem may be the result of a malicious hacker.
- Unexplained disk activity. Some systems do disk-related clean-up while the system is idle, so this may be system "housekeeping."
- Unusual log entries, such as login failures, user additions/deletions, or network connections to unfamiliar services.
- System appears to be less responsive than normal.
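The login failures and user additions/deletions named in the warning signs above can be pulled out of a log with a short script. This is an added example, not part of the original page; the log lines are constructed, and the sshd/useradd/userdel message layout they follow is an assumption about the system being checked.

```python
import re
from collections import Counter

# Constructed sample lines in common Linux auth-log style (not from a real system).
SAMPLE_LOG = """\
Mar  3 02:14:07 host1 sshd[2211]: Failed password for root from 203.0.113.7 port 50122 ssh2
Mar  3 02:14:09 host1 sshd[2211]: Failed password for root from 203.0.113.7 port 50124 ssh2
Mar  3 02:14:12 host1 sshd[2213]: Failed password for invalid user admin from 203.0.113.7 port 50130 ssh2
Mar  3 02:15:40 host1 sshd[2230]: Accepted password for alice from 198.51.100.20 port 40110 ssh2
Mar  3 02:17:01 host1 useradd[2301]: new user: name=svc_backup, UID=1002, GID=1002, home=/home/svc_backup, shell=/bin/bash
Mar  3 02:19:55 host1 userdel[2342]: delete user 'bob'
"""

# One pattern per kind of "unusual log entry"; each captures the account name.
PATTERNS = {
    "login_failure": re.compile(
        r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"),
    "user_added": re.compile(r"useradd\[\d+\]: new user: name=(?P<user>[^,]+)"),
    "user_deleted": re.compile(r"userdel\[\d+\]: delete user '(?P<user>[^']+)'"),
}

def triage(log_text, failure_threshold=3):
    """Return matched events and the sources with repeated login failures."""
    events = []
    failures = Counter()
    for line in log_text.splitlines():
        for kind, rx in PATTERNS.items():
            m = rx.search(line)
            if m:
                # line[:15] is the syslog timestamp, e.g. "Mar  3 02:14:07"
                events.append((kind, m.group("user"), line[:15]))
                if kind == "login_failure":
                    failures[m.group("src")] += 1
                break
    noisy = sorted(src for src, n in failures.items() if n >= failure_threshold)
    return {"events": events, "repeated_failure_sources": noisy}

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for kind, user, when in report["events"]:
        print(when, kind, user)
    print("repeated failures from:", report["repeated_failure_sources"])
```

A single failed login is usually a typo; the threshold separates that from repeated attempts from one address, while any account creation or deletion you did not make yourself is worth reporting on its own.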
What to do if you've been Hacked or Cracked
If you feel that you are the victim of a security breach, immediately cease access to the system and report the incident.
A compromised computer or application is a crime scene. The more you interact with the scene of the crime after the incident, the less likely useful information about the crime will be gathered successfully from the scene. As fingerprints contaminate the chain-of-evidence in theft investigations, so will innocent key-strokes and mouse movements in a computer crime scene investigation.
To aid the security investigation, be prepared to answer the following questions.
- How did this incident come to your attention?
- Does anyone else use the computer(s) involved in the security breach? If so, who?
- Is there any sensitive or proprietary data on this machine that may require immediate action to prevent further risk?
- Have you opened any suspicious e-mails or downloaded any suspicious programs that may have led to this incident?
- When was the last time your virus scanning software was updated? When was the last time you patched your operating system and applications?
All information is good information when it comes to the investigation of a security breach. Write down any further information you may have regarding the incident, and sign and date each page. This information may be used for evidence should prosecution be required.
What not to do if you've been Hacked or Cracked
- Do not launch a retaliatory strike or "flame war" on the suspected source system or attacker. Incoming attacks often use forged source addresses, and the identity of the attacker is usually obscured. Any repercussions will be directed to an innocent third party.
- Do not try to remove the virus, unless your virus software does it automatically for you. Make sure your computer has the most current virus definitions for your anti-virus software before scanning for viruses.
- Disconnect your computer from the network -- unless your anti-virus software has removed your virus infection automatically. Unplug the ethernet cable, or if your computer uses a wireless connection, either deconfigure the wireless card or physically pull the card out of the socket. This will prevent an attacker from doing further damage to your system, and using your system to attack others.
- Leave your computer disconnected from the network unless otherwise instructed. It is possible that processes left by an attacker may not restart after rebooting, which will make it more difficult to determine the cause of your problem. Also, other hacks left on your computer may take effect during reboot.
- Report the Incident.
- Preserve system logs and other data that might be useful in tracking the source and nature of the intrusion. Just as evidence at the scene of a crime may allow police to track down a criminal, information on your compromised computer may provide clues as to the source of the attack.
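One way to preserve logs so that later changes to the copies can be detected is to record a hash of each file at collection time. This is an added example, not part of the original page; the `evidence` directory, `manifest.json` name and sample log content are assumptions made for illustration.

```python
import hashlib, json, shutil, tempfile
from datetime import datetime, timezone
from pathlib import Path

def sha256_file(path):
    """Hash a file in chunks so large logs do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def preserve(sources, evidence_dir):
    """Copy each source into evidence_dir and record its hash in manifest.json."""
    evidence_dir = Path(evidence_dir)
    evidence_dir.mkdir(parents=True, exist_ok=True)
    manifest = {"collected_utc": datetime.now(timezone.utc).isoformat(), "files": {}}
    for src in map(Path, sources):
        dst = evidence_dir / src.name
        shutil.copy2(src, dst)  # copy2 keeps the original modification time
        manifest["files"][src.name] = {
            "sha256": sha256_file(dst),
            "size": dst.stat().st_size,
            "source_mtime": src.stat().st_mtime,
        }
    (evidence_dir / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest

def verify(evidence_dir):
    """Return names of files whose current hash differs from the manifest."""
    evidence_dir = Path(evidence_dir)
    manifest = json.loads((evidence_dir / "manifest.json").read_text())
    return sorted(name for name, meta in manifest["files"].items()
                  if sha256_file(evidence_dir / name) != meta["sha256"])

def demo():
    """Constructed run: preserve one sample log, then detect a later change."""
    with tempfile.TemporaryDirectory() as tmp:
        log = Path(tmp) / "auth.log"
        log.write_text("constructed sample line\n")
        preserve([log], Path(tmp) / "evidence")
        clean = verify(Path(tmp) / "evidence")
        with open(Path(tmp) / "evidence" / "auth.log", "a") as f:
            f.write("edited after collection\n")
        return clean, verify(Path(tmp) / "evidence")
```

Keeping the manifest with your signed and dated notes lets an investigator confirm that the copies are unchanged since collection.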