Ensuring the security of your information is a continual process and also your responsibility as a computer user.
"Computer virus" or "malware" is a commonly used term to describe all types of malicious software, including Trojans, worms, adware, and spyware. Each has slightly different functions, but they usually either try to damage the software on your computer or send information about your computer usage to an outside source over the internet. The details of each type are explained below:
Trojans: A Trojan, as the name suggests, pretends to be something good, like virus scanning software or other useful applications. In reality it runs malicious programs in the background that can perform any number of functions, like allowing an outside user to copy your files, see your browsing history, or even take remote control of your computer.
Worms: A computer worm is a self-replicating computer program. It uses a network to send copies of itself to other computers on the network, and it may do so without any user intervention. Unlike a virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, if only by consuming bandwidth, whereas viruses almost always corrupt or devour files on a targeted computer.
Adware: Adware or advertising-supported software is any software package which automatically plays, displays, or downloads advertisements to a computer after the software is installed on it or while the application is being used. Adware is usually seen by the developer as a way to recover development costs, and in some cases it may allow the software to be provided to the user free of charge or at a reduced price. As a result, the advertisements may be seen by the user as interruptions, annoyances or as distractions from the task at hand.
Spyware: Spyware is computer software that is unknowingly installed on a personal computer to collect information about a user, their computer or browsing habits without the user's informed consent. Spyware programs can collect various types of personal information, such as Internet surfing habits and sites that have been visited, but can also interfere with user control of the computer in other ways, such as installing additional software and redirecting Web browser activity. Spyware is known to change computer settings, resulting in slow connection speeds, different home pages, and/or loss of Internet or functionality of other programs.
Unfortunately, there are many ways your computer can become infected. Some of the main causes of an infected computer include: illegally downloading music and movies, clicking on ads, browsing to compromised websites, and in general not being cautious when it comes to web browsing. Be sure to follow the safe browsing habits and remember, it's always better to be safe than to be sorry.
There is a wide variety of virus symptoms that differ based on what type of infection you have and how far the virus has progressed. Common symptoms are listed below:
The first order of business is to get anti-virus software. Students and faculty can download ClamXAV and Windows Defender/Security Essentials for free, but the protection shouldn't stop there. We also recommend downloading other virus scanning tools. Here at the OSU Computer Helpdesk we often use Malwarebytes and SUPERAntiSpyware, both of which are available for free.
Click HERE to watch a tutorial about running a virus scan with Malwarebytes.
After obtaining the software simply run the program and have it scan for viruses. A good habit to exercise before each scan is to double check that the software's definitions are up-to-date. In order to update the definitions there should be either a tab or button that relates to updating the software, e.g. "Check for Updates online."
CryptoLocker is malicious software that encrypts your data files (Word, PowerPoint, pictures, music, videos, etc.). The nefarious individuals then hold your data for ransom and try to extort money from you.
All computers using Windows XP 2, Vista, 7, 8 and 8.1. This includes any Apple or Linux-based computers running Windows in a virtual environment like Boot Camp, Parallels or VMware.
Encryption encodes your data so only you and authorized people or authorized websites can read the data. Example – When you use a banking website that has “https” in the address bar, the information you transmit to and from that website is encrypted/encoded.
The encryption designed to safeguard your data is used against you when CryptoLocker infects your computer. Your data files are encrypted with a unique key that only the malicious people/hackers have access to. Encryption cannot be broken at this point in time without the key. When your data is encrypted and the key is lost, the data is essentially lost forever.
Bad guys prey upon people's fears to steal their money and information. One of their favorite tricks is to tell people that their computer is (or might be) infected, and they are relying on you to respond in a manner that installs a virus on your computer.
In some cases, your computer may already be infected before you see the popup. The safest thing to do is shut it down and take it to the OSU Computer Helpdesk or your IT support staff to resolve the issue.
But you can protect yourself before you're affected.
There are three big ways to protect yourself before you're affected.
There are a few additional steps you can take.
A few things to check for if you are unsure about the message are:
If you think you may have accidentally clicked on a fake antivirus warning, shut down your computer. Students can bring laptops to the Walkup Helpdesk for malware scans, while faculty and staff should contact their IT support staff.
The viruses that get installed can:
OSU work computer - Please contact your IT support staff.
OSU Students - Contact the OSU Computer Helpdesk.
Self help options for personal computers
Click HERE to watch the tutorial about running a virus scan with Malwarebytes.
Oregon State University utilizes a device on our network called FireEye. This device monitors the network for patterns of activity a computer displays when it is infected with malware, or has been compromised by hackers.
When the FireEye device detects signs of malicious activity, it sends an alert to the OSU Computer Helpdesk, who, in turn, sends a notification to the registered owner of the computer. The user is then responsible for contacting the Helpdesk to resolve the issue. This document outlines that notification process.
Please Note: While every attempt will be made to resolve the situation through this process, there may be instances where the availability, confidentiality, or integrity of the OSU network or the data residing therein is placed at risk by the activity discovered on the device. In such cases, network access for that system will be blocked prior to notification.
OSU notifies users when a malware infection is detected on their computer. Users must come in for help, or inform the Helpdesk that the infection has been removed.
Notifications include technical details on the infection and give users information on how to clean their own computers. Please note that the notifications will be from email@example.com and will be followed with an email from firstname.lastname@example.org detailing options you have to clean your computer.
If the user does not come in for help or notify the OSU Computer Helpdesk and they continue to receive notifications from email@example.com, then the user’s network access will be disabled and a notification of the access restriction will be sent.
A user is not typically disabled until after three notifications have been sent, but there are circumstances that will extend the number of notifications before loss of network access, such as a long period of time between malware notifications from FireEye.
Below are examples of the notification e-mails sent to users, which can be used as reference to ensure these are not fake emails or phishing attempts.
Example from Security:
Example from the OSU Computer Helpdesk:
There is a virus for Mac that has recently started to pick up steam (infected over 600,000 Mac computers worldwide). It is called the Flashback trojan, and relies on a vulnerability in your computer's Java installation. This virus operates in the background, so many users don't know they are infected. Click Here for more details, and steps you can take to see if your computer is infected.
Currently there are multiple malware programs circulating that are designed to infiltrate Mac OS. These programs are similarly designed to look like legitimate antivirus programs and tell users that their Mac is heavily infected with viruses. The program then harasses people into providing credit card information to purchase a fake anti-virus program to remove the infection. This is a ploy to get your personal information.
Oftentimes these programs are automatically downloaded but cannot be installed without the permission of the user, by way of an administrator password. People who are not aware of these malware threats can unknowingly install these programs onto their machines. ONLY install programs on your machine that are from trusted publishers and that you have knowingly downloaded. Also, make sure that you have an updated antivirus program on your Mac. Students and Staff of OSU have access to free antivirus programs.
Here is some info from the Apple Support community about removing Mac Defender.
The Flashback virus targets a security hole in the Java software installed on your computer. Java is included with OSX, the operating system on your Mac. The virus is designed to steal personal information in the background without the user noticing, so once your computer is infected, you may not see any difference in the way it runs. To find out if your computer is infected, read the section below.
A new variant of the Flashback virus has appeared. In order to check if your device has this new variant, you will need to open a terminal window by either searching for it using the Finder, or by opening Applications->Utilities->Terminal, then typing the following commands:
You will be looking for any files ending in the extension ".so". There is a pending list of possible files that may be listed in that directory. So far they are:
There are several other files that may be there. Their names and locations are as follows:
For removal instructions, read the information below:
Apple has released a software update that should fix the most common variants of the infection. Directions on downloading that update are provided below:
If you do not have ClamXAV installed, you can download and install it from their website.
PLEASE NOTE: The removal process involves running scans and possibly installing programs on your Mac. If you are not comfortable doing this on your own, you can get help on campus:
There are several steps you can take to keep your Mac safe from infection.
Keep your Mac (and other programs) up-to-date
All viruses are designed to exploit security holes in different programs, and most updates work on patching these holes as they are discovered. Using out-of-date software makes it easier for infections to target your system.
To check your Mac for Apple updates:
To check your Mac for other program updates:
This varies based on what program you are using, but it can generally be found by opening the program, then looking for an "Updates" option in one of the top menus.
Updating your Operating System:
Older Mac Operating Systems (OSX) have additional vulnerabilities that newer versions don't have. The latest versions of Mac OSX are 10.7 and 10.6. You can check which version of OSX you are using by clicking the Apple symbol in the upper-left hand corner of your screen, and clicking on "About this Mac". If you have a version that is below 10.6, you may want to consider purchasing an upgrade for your computer if possible. Contact the OSU Computer Helpdesk for more details.
Install an Anti-Virus Program
Everyone is eligible to download free antivirus from ClamXAV. If you need help installing an Anti-Virus program, you can bring your Mac (if it is a laptop) to the Walk-Up Computer Helpdesk in the Valley Library. Note: if you are faculty with a department-owned Mac, you will need to contact your department support group for help.
Practice safe browsing habits when using the internet
Browsing to the wrong website is one of the most common forms of infection. Follow the suggestions on the safe browsing page for safe browsing tips.
Currently, users of 10.5 and earlier are going to have to disable Java until they can remove the infection, as the new update from Apple doesn't cover their OS. If you're not sure how to find your OS version, follow the directions below:
PLEASE NOTE: If you are using OSX 10.5 or earlier, we highly recommend (for security reasons) that you look into purchasing an update if your computer supports it. If you have questions about updating, contact the OSU Computer Helpdesk.
If you are faculty and using a department issued laptop, you should be eligible for an upgrade through your department. Contact your department support group for help.
In order to keep your information secure you must keep your password secure. The following are not the only ways to keep your password secure, but they are a good start:
Passphrases are more secure than passwords because they are generally longer, making them less vulnerable to attack. They also allow you to remember your credentials, even when they expire frequently. The idea of a passphrase is to use a statement, or motto, rather than a word peppered with odd characters and symbols, as the latter can be difficult to dedicate to memory.
For instance, try:
It is a good idea to add numbers/symbols in place of some letters for common passphrases. That way, it is harder for an outside user to guess your passphrase.
Now you have a password that's already in your memory, and you can recall this new passphrase with greater ease. Of course, you should avoid using a passphrase without adding some special characters, as hackers can attack your account with commonly used statements or quotes.
Please Note: Some systems won't accept spaces in a passphrase, while others won't accept a large number of characters. You can contact the OSU Computer Helpdesk with any questions regarding passwords.
Network Engineering uses several tools to help keep spam from reaching your mailbox. Read on for more information about what we are doing to prevent spam, what you can do, and how to keep your address off of spammers' lists.
Spam is defined as unsolicited, bulk e-mail. Typically spam comes from strangers - people who have obtained your e-mail address without your permission. If you signed up for the mailing (intentionally or accidentally), it may be undesirable e-mail, but it is not technically spam. Likewise, if you have some sort of business relationship with the sender, it is not spam. So, an e-mail sent to you from your bank, an online service you signed up for, or your department at OSU would not be considered spam.
Note: Using OSU's e-mail system to send unauthorized bulk mailings is against the Acceptable Use Policy. For information about how to do a bulk mailing at OSU correctly, please see the Guidelines for Release of E-mail Addresses.
If Step 1 doesn't stop the spam from coming through, you can report the spam to OSU Network Engineering:
Greylisting works by sending a temporary failure message on the first attempt of a unique combination of sender IP, sender and recipient. Legitimate, properly-configured mail servers deal with a temporary failure by queuing the message and resending later (typically within 15 to 30 minutes). On subsequent attempts to send a message, the greylisting server allows the message to be delivered.
Greylisting works as an effective method to prevent spam because spammers typically do not bother to queue mail. Rather they blast the spam out once and ignore delivery failures.
The downside of greylisting is that it may cause a legitimate message to be delayed. Messages may also appear to arrive out of order, as subsequent messages from the same sender are not delayed. Also some sites do not queue and redeliver messages properly.
OSU addresses these issues by building up a comprehensive whitelist of allowed senders. If there are sites that you are concerned about, please send us a list at net (at) oregonstate.edu, and we will add them to the whitelist.
NOTE: Greylisting does not apply to e-mail sent within OSU.
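The greylisting behaviour described above, as an added Python sketch (not OSU's mail server code): the first attempt for a (sender IP, sender, recipient) triplet gets a temporary failure, a properly queued retry is accepted, and internal or whitelisted hosts skip the check. The class name, the timing constants and the sample addresses are assumptions made for illustration.

```python
import ipaddress

ACCEPT = 250      # SMTP "OK"
TEMPFAIL = 451    # SMTP temporary failure: "try again later"

# Assumed timings for illustration; the page gives no configuration values.
MIN_RETRY_DELAY = 5 * 60         # a retry sooner than this is still deferred
PENDING_LIFETIME = 4 * 60 * 60   # an unretried triplet is forgotten after this


class Greylist:
    def __init__(self, internal_nets=(), whitelist_nets=()):
        # Networks whose mail is never greylisted: internal hosts and
        # whitelisted remote senders.
        self.exempt_nets = [ipaddress.ip_network(n)
                            for n in (*internal_nets, *whitelist_nets)]
        self.first_seen = {}   # triplet -> time of the first deferred attempt
        self.passed = set()    # triplets that have already retried correctly

    def is_exempt(self, client_ip):
        ip = ipaddress.ip_address(client_ip)
        return any(ip in net for net in self.exempt_nets)

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply code for one delivery attempt at time `now` (s)."""
        if self.is_exempt(client_ip):
            return ACCEPT
        triplet = (client_ip, mail_from.lower(), rcpt_to.lower())
        if triplet in self.passed:
            return ACCEPT    # later mail on a known triplet is not delayed
        first = self.first_seen.get(triplet)
        if first is None or now - first > PENDING_LIFETIME:
            self.first_seen[triplet] = now
            return TEMPFAIL  # first attempt: ask the sender to queue and retry
        if now - first < MIN_RETRY_DELAY:
            return TEMPFAIL  # retried too quickly to be a real queue run
        del self.first_seen[triplet]
        self.passed.add(triplet)
        return ACCEPT


def replay(greylist, attempts):
    """Feed (time, ip, sender, recipient) attempts through the greylist."""
    return [greylist.check(ip, sender, rcpt, now)
            for now, ip, sender, rcpt in attempts]


# Constructed sample traffic using documentation address ranges.
SAMPLE_ATTEMPTS = [
    (0,    "203.0.113.7",   "alice@example.com",    "bob@example.edu"),  # first try
    (60,   "203.0.113.7",   "alice@example.com",    "bob@example.edu"),  # too soon
    (1200, "203.0.113.7",   "alice@example.com",    "bob@example.edu"),  # queued retry
    (1260, "203.0.113.7",   "alice@example.com",    "bob@example.edu"),  # next message
    (0,    "203.0.113.99",  "x1@spam.example",      "bob@example.edu"),  # sent once
    (5,    "203.0.113.99",  "x2@spam.example",      "bob@example.edu"),  # new sender
    (10,   "192.0.2.10",    "carol@example.edu",    "bob@example.edu"),  # internal
    (15,   "198.51.100.25", "news@partner.example", "bob@example.edu"),  # whitelisted
]

if __name__ == "__main__":
    gl = Greylist(internal_nets=["192.0.2.0/24"],
                  whitelist_nets=["198.51.100.25/32"])
    for attempt, code in zip(SAMPLE_ATTEMPTS, replay(gl, SAMPLE_ATTEMPTS)):
        print(attempt, "->", code)
```

The sender that never retries stays at 451 forever, while the legitimate sender pays the delay only once per triplet.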
An RBL is a list of hosts that are known untrustworthy e-mail senders. When we receive email from one of these sites, we bounce the message back to the site with an explanation that they are in an RBL and a link with directions on how to get unlisted from it. In addition to RBLs, we have an access list of domain names and email addresses of known spammers that we reject mail from. We also block mail from dynamic IP ranges, because mail servers should never have a dynamic IP. Finally, we block mail from dialup users and cable modem users - these users must relay through their ISP's mail server (or they can relay through OSU with ONID authentication).
We use the following RBLs at OSU:
If you are having trouble receiving mail from another site because they are listed in one of our RBLs, please tell the person at the remote location to contact their e-mail administrator or ISP and give them the information in the bounce message that they received from OSU. Contact us at net(at)oregonstate.edu if the sending site is unable or unwilling to get unlisted - we may be able to help them get unlisted, or whitelist the site here.
For more information about phishing, please see the Phishing helpdoc page.
OSU blocks e-mail messages that contain a reply-to address that goes to a known phisher. If practical, we will also "poison DNS" for links included in phishing e-mails, so that clicking the link will redirect you to a safe page instead.
If you respond in any way to a phishing e-mail that asks for your username and password, we will disable your account and ask you to reset your password. OSU has had several accounts hacked in the past, and these hacked accounts have been used to send hundreds of thousands of spam e-mails to OSU and to the world, causing serious e-mail disruption.
NEVER respond to phishing e-mails!
Content-based filtering refers to sorting or deleting mail based on the content of the message itself. We do content-based tagging at the mail relays using SpamAssassin, and these tags can be used to filter spam in your e-mail client.
Many e-mail clients now come with "Junk Mail" filters built-in, which you can turn on to help sort out the messages you don't want to see. When you use a junk mail filter, make sure that you set it to sort the unwanted mail into a junk folder, rather than your deleted items. That way, you can check the junk folder once in a while to make sure that no innocent e-mails have ended up there.
SpamAssassin headers that you can filter on:
X-Spam-Flag: YES (indicates that this message has a score of 5 or more)
X-Spam-Level: ******** (the number of stars indicates the spam score)
For example, to filter all messages with a score of 3 or higher, you could create a rule in your email client to match on "X-Spam-Level: ***".
Instructions on how to set this up can be found here.
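How a filter on these headers behaves, as an added Python example (not part of OSU's instructions): it sorts messages into a junk folder rather than deleting them, and shows why a rule matching "X-Spam-Level: ***" catches every score of 3 or higher. The function names and the sample messages are constructed for illustration.

```python
from email import message_from_string


def star_count(msg):
    """Stars in X-Spam-Level (highest if repeated); 0 when the header is absent."""
    best = 0
    for value in msg.get_all("X-Spam-Level", []):
        value = value.strip()
        best = max(best, len(value) - len(value.lstrip("*")))
    return best


def client_rule_matches(raw, stars):
    """Emulate a mail-client rule: a header line starts with 'X-Spam-Level: ***'."""
    needle = "X-Spam-Level: " + "*" * stars
    header_block = raw.split("\n\n", 1)[0]
    return any(line.startswith(needle) for line in header_block.splitlines())


def choose_folder(raw, threshold=3):
    """Pick 'Junk' or 'Inbox'; nothing is deleted, so mistakes can be reviewed."""
    msg = message_from_string(raw)
    flagged = (msg.get("X-Spam-Flag") or "").strip().upper() == "YES"
    return "Junk" if flagged or star_count(msg) >= threshold else "Inbox"


def sort_mailbox(mailbox, threshold=3):
    """Map each message name to the folder it would be filed in."""
    return {name: choose_folder(raw, threshold) for name, raw in mailbox.items()}


# Constructed sample messages; only the headers matter for the filter.
SAMPLE_MAILBOX = {
    "untagged": "From: a@example.org\nSubject: Lab notes\n\nSee attached.\n",
    "two-stars": ("From: list@example.org\nX-Spam-Level: **\n"
                  "Subject: Weekly digest\n\nNews.\n"),
    "three-stars": ("From: promo@example.net\nX-Spam-Level: ***\n"
                    "Subject: Special offer\n\nBuy now.\n"),
    "eight-stars": ("From: x@example.net\nX-Spam-Flag: YES\n"
                    "X-Spam-Level: ********\nSubject: You won\n\nClaim.\n"),
}

if __name__ == "__main__":
    for name, folder in sort_mailbox(SAMPLE_MAILBOX).items():
        print(f"{name:12} -> {folder}")
```

Because the client rule is a prefix match, eight stars also contain "***", which is what makes the rule mean "3 or higher" rather than "exactly 3".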
The best way to avoid being spammed is to be careful how you share your e-mail address. Every time that you sign up for something online and provide your e-mail address to do so, you are potentially sharing your contact information with not only that site, but with third parties as well.
The following are things you can do to keep your address off spammers' lists:
In the past, most spam came from misconfigured mail servers or proxy servers. But today most spam comes from virus-infected personal computers, hacked e-mail accounts and free e-mail providers. See the Wikipedia article on Spam for more information about how spammers operate.
One very important thing that you can do in the fight against spam is to keep your computer up-to-date on software patches and anti-virus software. It's also a good idea to run a personal firewall. Use caution when opening e-mails from addresses you don't recognize, and always scan email attachments for viruses. If your computer has become noticeably slower, it's a good idea to run virus-detection software.
Finally: NEVER share your password!
Inbox Rules can be used to lower the amount of spam received by Exchange email addresses.
These instructions do not apply if you receive your ONID email via Google Apps for OSU. Email filtering will not work with ONID if you have your ONID account set to forward to another email account. For more information about forwarding, click here.
Following are directions for setting up Spam Assassin and Mail Filters on ONID:
Personal Mail Filters
To customize junk email controls:
To train Thunderbird:
If you would like to report spam emails, please follow the process below for your particular mail client.
1. Once you are in the phishing attempt email, click on the little drop down arrow. This will bring up several options.
2. Click on the “Show original” option in that drop down menu.
3. This will open a new tab with a page that looks like this: a lot of text. You will need to copy and paste this text into a new email. An easy way to highlight all of the text is to press the Ctrl button and the A button at the same time. After that you can press Ctrl and C together to copy it.
4. If you feel the message is abusive or asking for your credentials, please send it to abuse-at-oregonstate.edu. Otherwise, send the email to spam (@) oregonstate.edu and we will look at it.
Due to the widespread use of web bugs in email, simply opening an email can potentially alert the sender that the address to which the email is sent is a valid address. This can also happen when the mail is 'reported' as spam, in some cases: if the email is forwarded for inspection, and opened, the sender will be notified in the same way as if the addressee opened it.
E-mail fraud may be avoided by:
Many frauds go unreported to authorities, due to shame, guilty feelings or embarrassment, but if you ever fall victim to an e-mail fraud that involves theft, either monetary or of your identity, contact the authorities immediately. You could help save many people from the same problem.
One of the most prevalent types of email fraud comes in the form of offers that are too good to be true. The fraudulent offer typically features a popular item or service at a drastically reduced price. Most of these are just an attempt to get your credit card information. If something seems too good to be true, it probably is.
Another type of bogus offer affects people who use eBay, Craigslist, or any other online retailer for selling their belongings. The typical scam is that a person will contact you offering to pay the full amount, or even more for a rush delivery, but they refuse to pay you until they receive the item for inspection or some other reason.
Here are some examples:
Phishing is an attempt by a person or organization to gain information such as usernames, passwords or credit card information. Once the unauthorized person gathers this information, they can use it to fraudulently purchase items on YOUR credit card, send real or spam e-mail from YOUR e-mail address, or sign up for services in YOUR name. Examples of phishing messages have been compiled to help you identify fake messages. The Phishing page on Wikipedia has more information if you are interested.
Aside from financial loss, phishing can also cost you time, as well as your identity. As said above, once you send your information to a phishing email, someone can start making charges to your name. Not only will you now owe for someone else's expenditures, you also get to spend hours trying to cancel cards, reverse orders, and get your financial life back. This can be very taxing financially, and take a lot of your spare time.
You will also now have a flood of messages from services you've never used before. Accounts for forums, online retailers, lists, just about anything, can start being funneled to your email address. What's worse, the phisher can also spoof your account, and potentially get your account disabled for spamming.
If you receive a phishing attempt and would like to report it, please select your email client from the following list for instructions on reporting a phishing attempt.
Phishing e-mails can arrive in various forms. This page is designed to help you recognize some common features of these attacks.
The reply email address will almost always be different from the person that appears to be sending the fraudulent e-mail. This is because the person trying to get your account information is hoping you will hit reply and not notice who the email is actually being sent to. If you did respond to one of these emails and realize it later, you should change your password immediately.
This is specific to just ONID accounts, but any e-mail address that required prior registration information from that organization is NOT "anonymous registration." No email service will ever send you an e-mail stating your account will be deleted unless you respond with account information! If you are unsure about the e-mail server you are using and think they may do something like this, either call or send an e-mail directly to the support team e-mail address that is on the website, to ensure that it doesn't get sent to a fraudulent individual.
No technical support or e-mail provider should ever ask for any personal information, especially passwords. If you have NOT contacted your e-mail or internet provider for help, be very suspicious of any email you receive claiming to be technical support, because tech support should not contact you unless you have asked for help.
Many times automated messages are created by pulling different sections of text out of a database, and oftentimes the text that gets pulled for the email contains conflicting information. Of course, both propositions, having your account disabled or deleted in 48 or 24 hours, are scary and cause many people to act too quickly. ONID will notify you of account deletion or deactivation at least a couple weeks before anything is done. If an email gives you a deadline within hours or days, the chances of it being a scam are greatly increased.
If you receive a legitimate email message from an administrator of your email, the from address should always have the same domain as your email. For example, if you receive something from ONID, you know your ONID address is of the form "firstname.lastname@example.org", so the message should be from "email@example.com". This is a good first check to see if a message is real.
This is harder to recognize since you may not always know this information, but if it looks wrong to you, check it out. Usually information like this will be clearly listed on your email provider's page and can easily be verified.
No technical support group will EVER ask for this kind of information by email. If for some reason we need to have you update information we will send a message that simply asks you to go to ONID and sign in yourself to update it. Also be careful of messages that send you a link to update your information since the link doesn't always go where it says. It is always better to type in the address yourself rather than clicking a link!
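The checks described in this section, written as an added Python example (not an OSU tool): it flags a reply address that differs from the sender, a sender outside your own mail domain, a deadline measured in hours, and a request for a password. The indicator names, the regular expressions and both sample messages are constructed for illustration, and a message that passes these checks can still be spoofed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

DEADLINE = re.compile(r"\b\d+\s*(?:hours?|hrs?)\b", re.I)       # "24 hours"
CREDENTIALS = re.compile(r"\b(?:password|passphrase)\b", re.I)  # asks for a secret


def address(header_value):
    """Bare lower-cased address from a From/Reply-To header ('' if missing)."""
    return parseaddr(header_value or "")[1].lower()


def body_text(msg):
    """Concatenate the text parts of a plain or multipart message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            chunks.append(data.decode(part.get_content_charset() or "utf-8",
                                      "replace"))
    return "\n".join(chunks)


def phishing_indicators(raw, my_domain):
    """Return the warning signs found in a message claiming to be from your
    e-mail administrator. An empty list is not proof the message is real:
    the From header itself can be spoofed."""
    msg = message_from_string(raw)
    findings = []
    sender = address(msg.get("From"))
    reply_to = address(msg.get("Reply-To"))
    if reply_to and reply_to != sender:
        findings.append("reply-to-differs")
    if sender.rpartition("@")[2] != my_domain.lower():
        findings.append("sender-outside-domain")
    text = body_text(msg)
    if DEADLINE.search(text):
        findings.append("short-deadline")
    if CREDENTIALS.search(text):
        findings.append("asks-for-credentials")
    return findings


# Constructed sample messages (all names and domains are placeholders).
SAMPLE_PHISH = """\
From: "Email Support Team" <support@webmail-upgrade.example.net>
Reply-To: collector@freemail.example.com
To: student@example.edu
Subject: Account verification required

Your mailbox will be deleted within 24 hours unless you reply with
your username and password.
"""

SAMPLE_NOTICE = """\
From: Helpdesk <helpdesk@example.edu>
To: student@example.edu
Subject: Account expiring

Your account is scheduled for deactivation in three weeks. To keep it,
go to the account site and sign in yourself.
"""

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE_PHISH, "example.edu"))
    print(phishing_indicators(SAMPLE_NOTICE, "example.edu"))
```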
The "request for help" type of e-mail fraud takes this form: an e-mail is sent requesting help in some way, but including a reward for this help as a "hook," such as a large amount of money, a treasure, or some artifact of supposedly great value.
The modern e-mail version of this scam, known variously as the "Nigerian scam", "Nigerian All-Stars," etc., because it is typically based in Nigeria, is an advance fee fraud. The lottery scam is a contemporary twist on this scam.
Responding to these emails can cost someone money and their identity. You can see stories of victims at http://www.google.com/news/search?aq=f&pz=1&cf=all&ned=us&hl=en&q=nigerian+scam.
Examples can be found at fraudgallery.com or you can view the thumbnails below for some basic examples.
E-mail sent from someone pretending to be someone else is known as spoofing. Spoofing may take place in a number of ways. Common to all of them is that the actual sender's name and the origin of the message are concealed or masked from the recipient. For more information, visit http://en.wikipedia.org/wiki/E-mail_spoofing
One very common example of spoofing is when people receive e-mails in their inbox saying that a message could not be delivered to a recipient, even though they do not remember sending that message. In this case, someone has learned your e-mail address and sent spam e-mails pretending to be from it. When one of the recipient addresses was incorrect, a bounce message was sent back to your e-mail address.
The thumbnails below show some examples of spoofed e-mail messages:
Whether you are using a Mac or PC, updating your operating system is very important. Updates are released on a regular basis to help protect your computer and to keep it running smoothly.
PC - How to install updates for...
Mac - How to update your Macintosh OS X
Your web browser is your gateway to the internet and is oftentimes the entry point for computer viruses. It is therefore important that you frequently check for updates to your browser.
Internet Explorer - Updates are included as part of your Windows updates
Mozilla Firefox -
Safari - Safari updates are included with Mac OS X updates. To update your Mac, go here.
Apple periodically releases updates and patches that will protect Mac OS X from being attacked by viruses and other malicious programs. Configuring OS X to automatically install these patches will ensure your computer is always protected.
1. Click on the Apple menu, and choose System Preferences.
2. In the window that appears, select Software Updates from the System section.
3. Check the box by Check for Updates and select Weekly from the pull-down menu.
4. Check the box by Download important updates in the background.
Microsoft periodically releases security patches for Windows operating systems. Downloading and installing these updates will help protect your computer from viruses and threats. All you need to install updates on your computer is an active internet connection, and the instructions below:
Click the Start circle at the bottom left of your desktop.
Click the All Programs option at the bottom of the menu.
Click the Windows Update option in this list.
Note: If a link for Windows Updates does not appear in this list, you can always access it by opening up the Control Panel.
A separate window should open. When it does, select the Check for Updates option on the left-hand menu. Windows will then go online and check for available updates.
When the check for updates is finished, Windows will display a screen similar to this one, letting you know how many updates were found.
Note: if no updates are found at this point, you already have all the latest updates installed.
If you notice that the number of updates available and the number of updates selected is different (as it is on the screenshot to the right), or there are optional updates available, you should click on the link to view the list of updates and select any that are missing.
Note: Sometimes Windows will leave certain updates un-selected if they are large and will take longer to install. These are still important updates, and should be installed if you have the time to let your computer sit and install them.
If it already says you have all the updates selected, you can skip to step 6.
This screen should display a list of available updates. Check the box at the very top (the one above the list). This will select all the updates in the list for installation.
If you have optional updates available, you can click the Optional tab on the left to view them. If you see things like language packs or toolbars (like the Bing desktop toolbar), you can leave them un-checked because they are optional software. If you see any general updates in this list, it is a good idea to check the box next to them for installation.
Click the OK button when you are finished selecting updates.
You should now be looking at the same screen as Step 4. Click the Install Updates button, and Windows will begin downloading and installing your updates.
You will see a progress bar similar to the one on the screenshot to the right. This will show you the current progress. Once the progress bar is full, Windows will be finished installing your updates!
Note: Windows may ask you to restart your computer when updates are done. If it does, it is a good idea to restart right away. Also, if you had a lot of updates to install, you should run through the steps on this page again after your computer restarts, as additional updates may become available after installation.
Microsoft periodically releases security patches for Windows operating systems. Downloading and installing these updates will help protect your computer from viruses and threats.
1. Open Internet Explorer » Go to windowsupdate.microsoft.com.
If a "Security Warning" or a prompt to install software appears, confirm it is from Microsoft, and then click "Yes."
2. Click the button titled Express.
3. Wait briefly while the site scans your computer to see what updates are needed.
4. At the next screen, click the Install Updates button.
5. Any needed high-priority updates will be downloaded and installed. If you are prompted to restart after the updates have been installed, do so.