Malware Detection at OSU
ALERT - Dangerous computer malware
CryptoLocker is dangerous, malicious computer software that encrypts your data files (Word, PowerPoint, pictures, music, videos, etc.). The individuals behind it then hold your data for ransom and try to extort money from you.
Learn more about this risk and how to protect yourself here - http://oregonstate.edu/helpdocs/safety-and-security/computer-viruses-fraud/computer-viruses/cryptolocker-dangerous-ransomware
Oregon State University utilizes a device on our network called FireEye. This device monitors the network for patterns of activity a computer displays when it is infected with malware, or has been compromised by hackers.
When the FireEye device detects signs of malicious activity, it sends an alert to the OSU Computer Helpdesk, which in turn sends a notification to the registered owner of the computer. The user is then responsible for contacting the Helpdesk to resolve the issue. This document outlines that notification process.
Please Note: While every attempt will be made to resolve the situation through this process, there may be instances where the availability, confidentiality, or integrity of the OSU network or the data residing therein is placed at risk by the activity discovered on the device. In such cases, network access for that system will be blocked prior to notification.
OSU notifies users when a malware infection is detected on their computer. Users must come in for help, or inform the Helpdesk that the infection has been removed.
Notifications include technical details on the infection and give users information on how to clean their own computers. Please note that the notifications will be from firstname.lastname@example.org and will be followed with an email from email@example.com detailing options you have to clean your computer.
Network access disabled notification:
If the user does not come in for help or notify the OSU Computer Helpdesk, and they continue to receive notifications from firstname.lastname@example.org, then the user’s network access will be disabled and a notification of the access restriction will be sent.
A user's network access is not typically disabled until after three notifications have been sent, but some circumstances will extend the number of notifications before loss of network access, such as a long period of time between malware notifications from FireEye.
Example Malware Notifications
Below are examples of the notification e-mails sent to users. Use them as a reference to confirm that a notification you receive is genuine and not a fake email or phishing attempt.
Example from Security:
Example from the OSU Computer Helpdesk: