Computer Viruses

What is a computer virus?

A computer virus or malware is a commonly used term to describe all types of malicious software including Trojans, worms, adware, and spyware. Each have slightly different functions, but usually either try and damage the software on your computer, or send information about your computer usage to an outside source over the internet. The details of each type are explained below:

Types of computer viruses

Trojans: A Trojan, as the name suggests, pretends to be something good, like virus scanning software or other useful applications. In reality they run malicious programs in the background that can perform any number of functions, like allowing an outside user to copy your files, see your browsing history, or even take remote control of your computer.

Worms: A computer worm is a self-replicating computer program. It uses a network to send copies of itself to other computers on the network, and it may do so without any user intervention. Unlike a virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, if only by consuming bandwidth, whereas viruses almost always corrupt or devour files on a targeted computer.

Adware: Adware or advertising-supported software is any software package which automatically plays, displays, or downloads advertisements to a computer after the software is installed on it or while the application is being used. Adware is usually seen by the developer as a way to recover development costs, and in some cases it may allow the software to be provided to the user free of charge or at a reduced price. As a result, the advertisements may be seen by the user as interruptions, annoyances or as distractions from the task at hand.

Spyware: Spyware is computer software that is unknowingly installed on a personal computer to collect information about a user, their computer or browsing habits without the user's informed consent. Spyware programs can collect various types of personal information, such as Internet surfing habits and sites that have been visited, but can also interfere with user control of the computer in other ways, such as installing additional software and redirecting Web browser activity. Spyware is known to change computer settings, resulting in slow connection speeds, different home pages, and/or loss of Internet or functionality of other programs.

How can my computer become infected?

Unfortunately, there are many ways your computer can become infected. Some of the main causes to an infected computer included: illegally downloading music and movies, clicking on ads, browsing to compromised websites, and in general not being cautious when it comes to web browsing. Be sure to follow the safe browsing habits and remember, it's always better to be safe then to be sorry.

What are the symptoms of a virus?

There is a wide variety of virus symptoms that differ based on what type of infection you have and how far the virus has progressed. A list of common symptoms is listed below:

• Speed decrease
• Unexplained freezing/crashing
• Programs that won’t launch
• New programs won’t install
• Computer has trouble booting windows
• Internet access is blocked (completely or certain sites)
• Desktop/appearance/screen saver and other visual settings are changed unexpectedly
• Unable to open files or folders
• Files or folders are deleted unexpectedly
• False pop-ups that appear warning you about viruses
• Deteriorating condition over a period of a few days to a few weeks (viruses that download more malicious software as time goes on)
• Unable to print documents
• Your hard disk runs out of free space (this comes from an infected file making copies of itself)

How can I protect myself?

• For a personally owned computer, use the university sponsored anti-virus program, Symantec Endpoint Protection. If your computer is university owned, please talk to your computer support group for assistance.
• Keep your computer's operating system up to date using Windows Update or Software Update on Mac.
• Read "How to recognize a Fake Virus Alert Message."
• NEVER use file sharing programs to download games, music, movies, TV shows, etc. A large majority of the files shared on this network are infected.
• NEVER click advertisements on the Internet.
• NEVER give anyone your password.
• NEVER respond to SPAM.
• READ all warnings very carefully.
• EDUCATE yourself, your friends and family about infections.
• NEVER click OK or cancel to warnings like this:

How can I scan and remove a virus infection?

The first order of business is to get anti-virus software. Students and faculty can download Symantec Endpoint Protection for free at the OSUware website, but the protection shouldn't stop there. We also recommend downloading other virus scanning tools, here at the OSU Computer Helpdesk we often use Malwarebytes and SUPERAntiSpyware both of which are available for free.

Click HERE to watch a tutorial about running a virus scan with Malwarebytes.

After obtaining the software simply run the program and have it scan for viruses. A good habit to exercise before each scan is to double check that the software's definitions are up-to-date. In order to update the definitions there should be either a tab or button that relates to updating the software, e.g. "Check for Updates online."

Password Security

In order to keep your information secure you must keep your password secure. The following are not the only ways to keep your password secure, but they are a good start:

• Use passphrases (see below).
• Do not keep your password in open and public spaces (no sticky notes on your monitors!).
• Change your password periodically.
• Do not use the same password for everything.
• If you think your password may have been compromised, change it immediately.
• Never tell anyone your password.

Use a Passphrase Rather Than a Password

Passphrases are more secure than passwords because they are generally longer, making them less vulnerable to attack. They also allow you to remember your credentials, even when they expire frequently. The idea of a passphrase is to use a statement, or motto, rather than a word peppered with odd characters and symbols, as the latter can be difficult to dedicate to memory.

For instance, try:

• A meaningful statement: "Carp3 Diem!"
• Directions to a location: "Down Oak, 2nd on the Right"
• A reference to what you're accessing: "Check1ng my Onid-Mail!" (NOTE: This is an awesome kind of passphrase, as you can customize it for any service you use, protecting your accounts from each other).
• A catchy jingle: "I don't always use passwords, but when I do"

It is a good idea to add numbers/symbols in place of some letters for common passphrases. That way, it is harder for an outside user to guess your passphrase.

Now you have a password that's already in your memory, and you can recall this new passphrase with greater ease. Of course, you should avoid using passphrase without adding some special characters, as hackers can attack your account with commonly used statements or quotes.

Please Note: Some systems won't accept spaces in a passphrase, while others won't accept a large number of characters. You can contact the OSU Computer Helpdesk with any questions regarding passwords.

Blocking E-mail Spam

Network Engineering uses several tools to help keep spam from reaching your mailbox. Read on for more information about what we are doing to prevent spam, what you can do, and how to keep your address off of spammers' lists.

What is Spam?

Spam is defined as unsolicited, bulk e-mail.  Typically spam comes from strangers - people who have obtained your e-mail address without your permission.  If you signed up for the mailing (intentionally or accidentally), it may be undesirable e-mail, but it is not technically spam.  Likewise, if you have some sort of business relationship with the sender, it is not spam.  So, an e-mail sent to you from your bank, an online service you signed up for, or your department at OSU would not be considered spam. 

Note: Using OSU's e-mail system to send unauthorized bulk mailings is against the Acceptable Use Policy.  For information about how to do a bulk mailing at OSU correctly, please see the Guidelines for Release of E-mail Addresses.

Blocking Spam

Step 1 - Using Filtering On Your Account

• ONID
• Outlook 2007
• Outlook 2010
• Outlook 2011 (Mac)
• Entourage
• Mac Mail
• Thunderbird

Step 2 - Reporting Spam

If Step 1 doesn't stop the spam from coming through, you can report the spam to OSU Network Engineering:

• ONID Webmail
• Outlook 2007
• Outlook 2010
• Outlook 2011 (Mac)
• Entourage
• Mac Mail
• Thunderbird

Greylisting

Greylisting works by sending a temporary failure message on the first attempt of a unique combination of sender IP, sender and recipient. Legitimate, properly-configured mail servers deal with a temporary failure by queuing the message and resending later (typically within 15 to 30 minutes). On subsequent attempts to send a message, the greylisting server allows the message to be delivered.

Greylisting works as an effective method to prevent spam because spammers typically do not bother to queue mail. Rather they blast the spam out once and ignore delivery failures.

The downside of greylisting is that it may cause a legitimate message to be delayed. Messages may also appear to arrive out of order, as subsequent messages from the same sender are not delayed. Also some sites do not queue and redeliver messages properly.

OSU addresses these issues by building up a comprehensive whitelist of allowed senders. If there are sites that you are concerned about, please send us a list at net (at) oregonstate.edu, and we will add them to the whitelist.

NOTE: Greylisting does not apply to e-mail sent within OSU.

Real-Time Black Hole Lists (RBLs)

A RBL is a list of hosts that are known untrustworthy e-mail senders. When we receive email from one of these sites, we bounce the message back to the site with an explanation that they are in an RBL and a link with directions on how to get unlisted from it. In addition to RBLs, we have an access list of domain names and email addresses of known spammers that we reject mail from. We also block mail from dynamic IP ranges, because mail servers should never have a dynamic IP. Finally, we block mail from dialup users and cable modem users - these users must relay through their ISP's mail server (or they can relay through OSU with ONID authentication).

We use the following RBLs at OSU

• Spamhaus.org PBL (pbl.spamhaus.org)
• Spamhaus.org SBL (sbl.spamhaus.org)
• Spamhaus.org XBL (xbl.spamhaus.org)
• Dynablock (dynablock.njabl.org)
• NJABL.ORG (dnsbl.njabl.org)
• VIRBL - virus black list(virbl.dnsbl.bit.nl)

If you are having trouble receiving mail from another site because they are listed in one of our RBLs, please tell the person at the remote location to contact their e-mail administrator or ISP and give them the information in the bounce message that they received from OSU. Contact us at net(at)oregonstate.edu if the sending site is unable or unwilling to get unlisted - we may be able to help them get unlisted, or whitelist the site here.

Phish Detection

For more information about phishing, please see the Phishing helpdoc page.

OSU blocks e-mail messages that contain a reply-to address that goes to a known phisher.  If practical, we will also "poison DNS" for links included in phishing e-mails, so that clicking the link will redirect you to a safe page instead. 

If you respond in any way to a phishing e-mail that asks for your username and password, we will disable your account and ask you to reset your password.  OSU has had several accounts become hacked in the past and these hacked accounts have been used to send hundreds of thousands of spam e-mails to OSU and to the world, causing serious e-mail disruption.

NEVER respond to phishing e-mails!

Content-Based Filtering & SpamAssassin

Content-based filtering refers to sorting or deleting mail based on the content of the message itself. We do content-based tagging at the mail relays using SpamAssassin, and these tags can be used to filter spam in your e-mail client.

Many e-mail clients now come with "Junk Mail" filters built-in, which you can turn on to help sort out the messages you don't want to see. When you use a junk mail filter, make sure that you set it to sort the unwanted mail into a junk folder, rather than your deleted items. That way, you can check the junk folder once in a while to make sure that no innocent e-mails have ended up there.

SpamAssassin headers that you can filter on:

X-Spam-Flag: YES  (indicates that this message has a score of 5 or more)

X-Spam-Level: ******** (the number of stars indicates the spam score)

For example, to filter all messages with a score of 3 or higher, you could create a rule in your email client to match on "X-Spam-Level: ***". 

How to Keep Your E-mail Address Off Spam Lists

The best way to avoid being spammed is to be careful how you share your e-mail address.  Every time that you sign up for something online and provide your e-mail address to do so, you are potentially sharing your contact information with not only that site, but with third parties as well.

The following are things you can do to keep your address off spammers' lists:

• Don't sign up for work-at-home or other too-good-to-be-true offers; they are typically scams and your contact information will definitely go to spammers.
• NEVER reply to spam or phishing emails.  If you do, it verifies to the spammer that your address is a real working address and that makes it even more valuable to them (and makes it more likely that you will get more spam).
• If you post your e-mail address on a publicly accesible website, try to obscure it in some way (e.g. bob(at)oregonstate.edu).
• When signing up for various accounts online, uncheck the boxes that ask about putting you on their mailing list.  Typically these will be checked by default.

OSU Email Statistics

• Email Graphs
• Spam Statistics
• RBL Statistics

Where does spam come from?

In the past, most spam came from misconfigured mail servers or proxy servers. But today most spam comes from virus-infected personal computers, hacked e-mail accounts and free e-mail providers.  See the Wikipedia article on Spam for more information about how spammers operate.

One very important thing that you can do in the fight against spam is to keep your computer up-to-date on software patches and anti-virus software. It's also a good idea to run a personal firewall. Use caution when opening e-mails from addresses you don't recognize, and always scan email attachments for viruses. If your computer has become noticeably slower, it's a good idea to run virus-detection software.

Finally: NEVER share your password!

E-mail Fraud

Avoiding e-mail fraud

Due to the widespread use of web bugs in email, simply opening an email can potentially alert the sender that the address to which the email is sent is a valid address. This can also happen when the mail is 'reported' as spam, in some cases: if the email is forwarded for inspection, and opened, the sender will be notified in the same way as if the addressee opened it.

E-mail fraud may be avoided by:

• Keeping one's personal e-mail address as secret as possible. Use a throw-away email when signing up websites online.
• Using a spam filter. If you do not forward your ONID email, ONID will protect you from as much spam as possible with SpamAssassin. For help on setting this up, go here
• Ignoring unsolicited e-mails of all types, simply deleting them.
• Not giving in to greed, since greed is often the element that allows one to be "hooked".

Many frauds go unreported to authorities, due to shame, guilty feelings or embarrassment, but if you ever fall victim to an e-mail fraud that involves theft, either monetary or of your identity, contact the authorities immediately. You could help save many people from the same problem.

Types of Fraudulent E-mail

Safe Browsing Habits

The internet is full of viruses, trojans, malware, and spyware. Keeping your computer safe from these is very important.

Update Operating System

Whether you are using a Mac or PC, updating your operating system is very important. Updates are released on a regular basis to help protect your computer and to keep it running smoothly.

PC - How to install updates for...

• Windows Vista/7
• Windows XP

Mac - How to update your Macintosh OS X

Update Web Browser

Your web browser is your gateway to the internet and is often times the entry point for computer viruses. It is therefore important that you frequently check for updates to your browser.

Internet Explorer - Updates are includes as part of your Windows updates

Mozilla Firefox -

• Go to http://www.mozilla.com/en-US/firefox/upgrade.html
• Download the latest version and run the installer. This will not delete any bookmarks or personal settings

Safari - Safari updates are included with Mac OS X updates. To update you Mac, go here.

Some Safe Browsing practices

1. Update anti-virus and anti-malware programs
2. Use a firewall program
3. Never click on pop-ups
4. Never respond to Spam e-mails
5. Never open e-mail attachments that you were not expecting. If you are ever in doubt, e-mail the sender to make sure they sent it to you or google the e-mail to see if the attachment is bad.
6. Never click on links in your e-mail. Instead, copy/paste the URL into your web browser to ensure that the link is not redirecting you unexpectedly. For an example of URL mis-direction, view this image.
7. Avoid using peer-to-peer (P2P) network programs.
8. Avoid using your personal e-mail address for random registrations. If you are browsing the web and come accross a form that you want to fill out, but you are not sure what it will do, you may want to use a throw away email address to fill it out with. View these Google search results for some Disposable Email services (Note: some sites disallow use of these accounts)
9. Use programs such as WebOfTrust or McAfee Site Advisor to help avoid sites that are known for infecting computers.

Change Contact Information

To update your contact information for OSU Alert

1. Go to alert.oregonstate.edu and click on "Enter your emergency contact information"
2. Log in with your ONID email and OSU ID^? number
3. Edit your information, agree to the terms of use, and click "Update My Information"
4. Review your information and, if correct, click "Yes, This is Correct"
5. Enter the characters in the image, which are case sensitive, and click "Next"
6. If your address is not recognized, you will see different options for possible addresses. Click the radio button next to the correct address and click "Use Selected Address"
7. When you are done, you can close the browser window/tab

Opting out of OSU Alert

Contact the OSU Computer Helpdesk through the methods listed on the right "Supported by" block to opt out of OSU Alert.  However, please understand that this system will be the primary means of communication in an emergency and your life may depend on getting information in a timely way.