Computer users need to stay vigilant against cyberattacks delivered through downloaded viruses and malicious software (malware). These attempted attacks are very common and not always easy to spot; some disguise themselves as search toolbars or even antivirus software! They can have severe consequences ranging from data loss to identity theft, including theft of financial information and funds.
Malware & Scareware
How can I protect my computer?
Always keep your software up to date so you receive any critical software patches. IU recommends the following security software, provided at no cost to students and employees:
Avoid these traps: fake antivirus & autorun
One of the most popular scams works by frightening computer users into downloading fake antivirus software. Also known as “scareware,” this often starts with messages popping up onscreen, warning that a virus has been detected and must be removed by downloading the “antivirus” software.
The antivirus scam is a double threat: scammers can gain access to credit card information used to purchase the fake software, and install malicious code through the download.
- How do I know if it’s a scam?
- If you’re getting a pop-up message or ad prompting you to download software or offering a “scan” of your computer, DO NOT CLICK. The safe way to get legitimate antivirus software is directly through a trusted vendor’s website, not a pop-up or advertisement. IU provides free, reliable antivirus software through IUware.
- What should I do if I clicked on something suspicious?
- If the window is still open, quit your browser, turn off your computer, and log into a different terminal to report the incident.
Files and applications with an “autorun” function will start automatically when a disc or drive is connected to your computer. While this may be convenient for installing programs, it can also allow viruses and malware to hide on a disc or USB drive and launch as soon as the infected item is inserted.
Disable autorun and autoplay functions to protect against these attacks.
- How can I tell if a drive or other media is infected?
- There is no way to know what the drive contains without connecting it to your computer, so you need to disable autorun and autoplay in order to view files without launching them. Don’t open files if you don’t know what they contain, and be especially wary of files containing “autorun.inf.”
- What do system administrators need to do to protect against autorun problems?
- Disable autorun features. This means that CDs and USB devices will not autoplay when inserted and you will not be prompted for action every time any device is connected to the computer.
- Prevent autorun.inf creation on file shares. Do not allow users to write to the root of file shares. Instead create a folder structure inside the share for users.
- Prevent use of USB devices on computers. With group policy you can easily prevent USB devices from mounting on Windows computers. With a little more work, you can also allow pre-approved devices. This will help stop the spread of any virus through USB devices since the devices themselves will no longer work on these computers.
- Can autorun issues affect IU computers?
- Any computer that has autorun enabled can be vulnerable to this type of attack. As an example of how this can occur, recently a server administrator at IU was using Identity Finder to scan a server for sensitive data. The administrator mapped a drive to a file server and, shortly after, the local firewall and anti-spyware program began alerting on outbound Internet connections and registry changes.
Now alerted that something was wrong, the system administrator discovered an autorun.inf file on the root of the share that was previously mapped for scanning. The autorun.inf started an autorun.exe that turned out to be a trojan that was not recognized by Symantec Antivirus. The system administrator contacted the University Information Security Office at firstname.lastname@example.org. Working with the system administrator, we searched for other compromised computers and submitted a virus sample to Symantec, who quickly released a virus definition update that recognizes the Trojan W32.SillyFDC.
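The incident above started with an autorun.inf at the root of a mapped share. As an added example (not IU's code or tooling), the following Python script checks the root of each share or drive it is given for an autorun.inf and reports which commands the file names, without running anything. The sample file contents and the function names are constructed for illustration, and the script assumes the file is ANSI/ASCII text.

```python
from pathlib import Path

# Constructed sample, modelled on the incident described above.
SAMPLE = r"""; constructed autorun.inf
[AutoRun]
open=autorun.exe
icon=setup.ico
shell\open\command=autorun.exe
label=Backup
"""

def launch_commands(text):
    """Return (key, command) pairs an autorun.inf asks Windows to launch."""
    findings, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # Section names are case-insensitive; only [autorun] matters.
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        # Tolerate junk lines: skip anything that is not key=value.
        if not in_autorun or line.startswith(";") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in ("open", "shellexecute") or is_verb:
            findings.append((key, value))
    return findings

def audit_roots(roots):
    """Map each autorun.inf found at a root to the commands it names."""
    report = {}
    for root in map(Path, roots):
        for entry in root.iterdir():  # root only, no recursion
            if entry.is_file() and entry.name.lower() == "autorun.inf":
                # latin-1 never fails to decode; assumes an ANSI/ASCII file.
                text = entry.read_text(encoding="latin-1")
                report[str(entry)] = launch_commands(text)
    return report

if __name__ == "__main__":
    import sys
    # Pass share or drive roots as arguments (hypothetical paths).
    for path, cmds in audit_roots(sys.argv[1:]).items():
        print(path, cmds or "no launch entries")
```

Any autorun.inf reported at the root of a file share is worth investigating, since users should not be able to write there in the first place.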