The Webopedia Definition of a virus:

A program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves. All computer viruses are man made. A simple virus that can make a copy of itself over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt. An even more dangerous type of virus is one capable of transmitting itself across networks and bypassing security systems.

Since 1987, when a virus infected ARPANET, a large network used by the Defense Department and many universities, many antivirus programs have become available. These programs periodically check your computer system for the best-known types of viruses.

Some people distinguish between general viruses and worms. A worm is a special type of virus that can replicate itself and use memory, but cannot attach itself to other programs.

Are you vulnerable when using the Institute's Linux network?

The simple answer is generally no, although there should be some vigilance when executing files downloaded or sent by email. 

It is impossible when using your IT account at the Institute to execute a program against your wishes or knowledge. Malicious code can still be run if you launch a trojan horse yourself. Even then, the malicious program will be running as you, so it cannot cause any serious damage to the system.

If you are in doubt whether or not to run a program, feel free to e-mail @email giving the location of the file and, if possible, the sender's e-mail address.

Are you vulnerable when using the Institute's Windows network?

Again, generally no. Although Windows PCs are more at risk than Linux machines, they are configured to trap the latest viruses and trojans automatically by using the latest virus identification files downloaded from the network. All the Institute's PCs are running secure versions of Windows, so minimal damage can be done even if a virus does get through. You should in all cases be vigilant when using and running downloaded files from an unknown source.

How do I know the message is a Virus/Worm?

Some e-mails use social engineering on the reader so that users inadvertently open malware, believing it has been sent from a trusted source. A typical example of this is the W32/MyDoom-O worm. This worm sends an e-mail crafted from the FQDN in the recipient's e-mail address so that it appears to originate from the local IT support, for example:

Dear user of maths.ox.ac.uk

We have found that your account has been used to send a large amount
of unsolicited commercial email during the last week.
We suspect that your computer was infected by a recent
virus and now runs a trojan proxy server.

Please follow our instructions in order to keep your computer safe.

Best regards
maths.ox.ac.uk user support team.

It is unlikely that the Maths Institute IT support staff will send any kind of instructions in any format other than plain text, i.e. a format that will work on all mail readers. Usually, IT support staff sign their messages using PGP to prove their identity. If in doubt, always check with @email before attempting to open any attachment from an e-mail that does not appear to come from a person's own e-mail address, or that has their name missing at the end of the message, for example:

A bad message:

From: daemon@maths.ox.ac.uk
Subject: Problem with your account
Attachments: readme.scr (84KB)

We have found that your account has been used to send a large amount
of unsolicited commercial email during the last week. 

Regards,
Your Friendly IT support team.

A good message:

From: bob-it@maths.ox.ac.uk
Cc: it-support@maths.ox.ac.uk
Subject: [maths.ox.ac.uk #8672341] Problem with your account
Attachments: none

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

From: bob@maths.ox.ac.uk
Cc: it-support@maths.ox.ac.uk
Subject: [maths.ox.ac.uk #8672341] Problem with your account
We have found that your account has been used to send a large amount
of unsolicited commercial email during the last week.

We will disabling your account and auditing the path the
intruders have taken to compromise your machine. We will let you
know when it is ready for use again.

Bob (IT support).


-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQA/AwUBQRtbE9I1Ihxcdh9rEDKgKgCg9PzTkSA3/1E04B9wUBXm8dJyQlUAoIEh
RyuR6NsFh9MlvhiWduytsisS
=6t0O
-----END PGP SIGNATURE-----
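
The differences between the two messages above can be checked mechanically. The following is an added example, not part of the original page or the Institute's tooling: it flags a role-account sender, an executable attachment, an HTML part and a missing PGP clear-sign header. The extension list, the role-account list and the two constructed sample messages are assumptions.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr
from os.path import splitext

# Assumed lists for this sketch; tune them for your own site.
RISKY_EXT = {".scr", ".exe", ".pif", ".com", ".bat", ".cmd", ".vbs"}
ROLE_ACCOUNTS = {"daemon", "mailer-daemon", "root", "postmaster", "admin"}
PGP_MARK = "-----BEGIN PGP SIGNED MESSAGE-----"

def triage(raw):
    """Return the warning signs found in one raw e-mail message."""
    msg = email.message_from_string(raw, policy=policy.default)
    warnings = []
    local = parseaddr(str(msg.get("From", "")))[1].split("@")[0].lower()
    if local in ROLE_ACCOUNTS:
        warnings.append(f"sender is not a named person: {local}")
    for part in msg.walk():
        name = part.get_filename()
        if name and splitext(name.lower())[1] in RISKY_EXT:
            warnings.append(f"executable attachment: {name}")
        if part.get_content_type() == "text/html":
            warnings.append("HTML part; support mail is plain text")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    # The armor header is only a hint: it proves nothing until the signature
    # is verified (e.g. gpg --verify) against the support team's public key.
    if PGP_MARK not in text:
        warnings.append("body is not PGP clear-signed")
    return warnings

def sample(sender, body, attachment=None):
    """Build a constructed test message modelled on the page's examples."""
    m = EmailMessage()
    m["From"], m["Subject"] = sender, "Problem with your account"
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed placeholder bytes",
                         maintype="application", subtype="octet-stream",
                         filename=attachment)
    return m.as_string()

BAD = sample("daemon@maths.ox.ac.uk",
             "Regards,\nYour Friendly IT support team.\n", "readme.scr")
GOOD = sample("bob-it@maths.ox.ac.uk",
              PGP_MARK + "\nHash: SHA1\n\nBob (IT support).\n")

if __name__ == "__main__":
    for label, raw in (("bad", BAD), ("good", GOOD)):
        print(label, triage(raw))
```

An empty result means only that none of these warning signs were found; the signature still has to be verified before the message is trusted.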
 

What do I do if someone sends me a file containing a Virus?

You cannot contract a virus by simply reading an e-mail. 

If you know the sender, you should let them know as soon as possible, possibly giving the name of the Virus if you know it.

If you do not know the sender and the message contains an unknown attachment, you can safely delete the e-mail.  If you are not sure, check the latest Virus reports on https://www.sophos.com/.  Almost all worms are spread by e-mail and rely on the recipient running the attached file.

Last updated on 22 Apr 2022 20:48.