Viruses are a major problem at any time, but on a scale such as our University's it is even worse: with so many PCs and Macs on our campuses, controlling viruses can become a nightmare. This information should help you keep virus infections under control.
There are three major types of viruses.
- Macro Viruses
- File Viruses (Executable)
- Boot Viruses
Some 'email viruses' are not viruses at all; these are virus hoaxes, and they are discussed later on this page.
The University has purchased VET Anti-Virus Software for Windows 95/98/NT. There are also a number of shareware anti-virus products you can use, bearing in mind that you may have to register them after 30 days.
So far the macro virus has been the biggest problem, since its carrier (an MS Word document) is easily sent by email, and one click of a button can infect a large number of PCs. Macro viruses can annoy you with messages, change words in your documents, or destroy the data on your hard disk drive.
Method of Infection (Snippet from McAfee ®)
Macro viruses spread by having one or more macros in a document. Opening or closing the document, or any activity which invokes the viral macros, activates the virus. When the macro is activated, it copies itself and any other macros it needs, sometimes to the global macro file NORMAL.DOT. If they are stored in NORMAL.DOT they are available in all open documents.
At this point, the macro viruses try to spread themselves to other documents. Macro viruses spread easily through e-mail packages. The ability of these packages to send and quickly launch documents can infect hundreds of users at a time. Documents are much more mobile than executable files, passing from machine to machine as different people write, edit or access them. Macro viruses can therefore spread very quickly through business offices and corporations.
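As an added example (not part of the McAfee text and not the University's VET tooling), here is a small Go scanner that does what an anti-virus product's first pass does for macro viruses: it opens a Word 6/95/97 document as an OLE2 compound file, walks its directory, and reports whether the file carries a VBA project storage such as Macros or _VBA_PROJECT_CUR. The same check applies to NORMAL.DOT. The sample files are constructed in memory by buildSampleDoc; the storage names and the single-FAT-sector layout it handles are assumptions simplified from the compound file format, and a real scanner would go on to parse the VBA streams rather than stopping at names.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
	"unicode/utf16"
)

var (
	le = binary.LittleEndian
	// Magic bytes opening every OLE2 compound file (Word 6/95/97 .doc and .dot).
	oleSignature = []byte{0xD0, 0xCF, 0x11, 0xE0, 0xA1, 0xB1, 0x1A, 0xE1}
	// Storage names Word writes for a VBA project (assumption: the common ones); any
	// of them inside a .doc or NORMAL.DOT means the file carries macros.
	macroStorages = map[string]bool{"Macros": true, "_VBA_PROJECT_CUR": true, "VBA": true, "_VBA_PROJECT": true}
)

const endOfChain, fatSector = 0xFFFFFFFE, 0xFFFFFFFD // FAT chain markers
// scanDoc walks the directory chain of a compound file and returns the names of
// all in-use directory entries plus whether any of them is a VBA storage.
func scanDoc(data []byte) (names []string, macros bool, err error) {
	if len(data) < 512 || !bytes.Equal(data[:8], oleSignature) {
		return nil, false, fmt.Errorf("not an OLE2 compound file")
	}
	sectorSize := 1 << le.Uint16(data[0x1E:])
	fatCount, firstDir := le.Uint32(data[0x2C:]), le.Uint32(data[0x30:])
	if fatCount == 0 || fatCount > 109 { // DIFAT sectors beyond the header are not handled
		return nil, false, fmt.Errorf("unsupported FAT layout (%d FAT sectors)", fatCount)
	}
	at := func(n uint32) []byte { // sector 0 begins right after the 512-byte header
		if start := int(n+1) * sectorSize; start+sectorSize <= len(data) {
			return data[start : start+sectorSize]
		}
		return nil
	}
	var fat []uint32 // sector allocation table, assembled from the header DIFAT
	for i := uint32(0); i < fatCount; i++ {
		s := at(le.Uint32(data[0x4C+4*i:]))
		if s == nil {
			return nil, false, fmt.Errorf("FAT sector %d lies past end of file", i)
		}
		for off := 0; off+4 <= len(s); off += 4 {
			fat = append(fat, le.Uint32(s[off:]))
		}
	}
	for s, hops := firstDir, 0; s != endOfChain; s, hops = fat[s], hops+1 {
		if s >= uint32(len(fat)) || hops > len(fat) { // dangling or cyclic chain
			return nil, false, fmt.Errorf("corrupt directory chain at sector %d", s)
		}
		sec := at(s)
		if sec == nil {
			return nil, false, fmt.Errorf("directory sector %d lies past end of file", s)
		}
		for off := 0; off+128 <= len(sec); off += 128 { // 128-byte directory entries
			e := sec[off : off+128]
			nameLen := int(le.Uint16(e[64:])) // bytes, including the UTF-16 NUL
			if e[66] == 0 || nameLen < 2 || nameLen > 64 {
				continue // unused entry
			}
			u := make([]uint16, nameLen/2-1)
			for i := range u {
				u[i] = le.Uint16(e[2*i:])
			}
			name := string(utf16.Decode(u))
			names = append(names, name)
			macros = macros || macroStorages[name]
		}
	}
	return names, macros, nil
}

// buildSampleDoc constructs a minimal compound file in memory (header, one FAT sector,
// one directory sector with up to four entries); a constructed sample, not a real Word file.
func buildSampleDoc(entries []string) []byte {
	const sec = 512
	buf := make([]byte, 3*sec)
	copy(buf, oleSignature)
	le.PutUint16(buf[0x1E:], 9) // sector shift: 512-byte sectors
	le.PutUint32(buf[0x2C:], 1) // one FAT sector
	le.PutUint32(buf[0x30:], 1) // directory chain starts at sector 1
	le.PutUint32(buf[0x4C:], 0) // DIFAT[0]: the FAT lives in sector 0
	le.PutUint32(buf[sec:], fatSector)    // FAT[0]: sector 0 is the FAT itself
	le.PutUint32(buf[sec+4:], endOfChain) // FAT[1]: the directory is a one-sector chain
	for i, name := range entries {
		e := buf[2*sec+128*i:]
		u := utf16.Encode([]rune(name))
		for j, c := range u {
			le.PutUint16(e[2*j:], c)
		}
		le.PutUint16(e[64:], uint16(2*len(u)+2))
		e[66] = map[bool]byte{true: 5, false: 2}[i == 0] // 5 = root storage, 2 = stream
		copy(e[68:80], bytes.Repeat([]byte{0xFF}, 12))     // no sibling/child links
	}
	return buf
}

func main() {
	names, macros, err := scanDoc(buildSampleDoc([]string{"Root Entry", "WordDocument", "Macros", "_VBA_PROJECT_CUR"}))
	fmt.Printf("entries=%v macros=%v err=%v\n", names, macros, err)
}
```

Finding a VBA storage is a signal, not a verdict: legitimate templates carry macros too. What the scanner gives you is a cheap way to sweep a file share or a mail spool for documents that deserve a proper anti-virus scan, and a check you can run against your own NORMAL.DOT after an infection scare.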
The most common macro viruses found at the University are:
- NPad (Nuclear)
Some virus warnings you receive, of the form 'Don't open an email message with the subject "blah blah blah", it will infect your PC with a deadly virus...', may well be virus hoaxes. They are not viruses, but when everyone sends them on to everyone they know, the warning message ends up as a virus of sorts. The easiest way to stop them spreading is to stop and think before doing a mass forward to everyone in your address book; in most cases, common sense eliminates these hoaxes. The guidelines below on how to identify and handle virus hoaxes are taken from http://hoaxbusters.ciac.org/.
Some known hoaxes (at the time of writing):
- "Bill Gates" Hoax
- A Moment of Silence
- AOL4FREE.COM hoax and A4F-Spoof trojan
- Bill Gates Email Tracking chain letter
- Bud Frogs warning
- WIN A HOLIDAY hoax
- Cancer chain letter
- Francesca chain letter
- Good Luck Greetings
- How to give a cat colonic
- It Takes Guts to Say 'Jesus'
- Join the Club
- Join the Crew
- Matra R-440 Crotale April fools joke
- Meme or Anti-CDA hoax
- Microsoft home page hoax
- Open:Very Cool hoax
- Penpal Greetings hoax
- Returned or Unable to Deliver hoax
- Sandman homepage warning
- Win A Holiday
- Yahoo Crack and Logic Bomb Hoax
- YUKON3U.mp JPG hoax
How to Identify a Hoax
There are several methods to identify virus hoaxes, but first consider what makes a successful hoax on the Internet. There are two known factors that make a successful virus hoax, they are:
- technical sounding language, and
- credibility by association.
If the warning uses the proper technical jargon, most individuals, including technologically savvy individuals, tend to believe the warning is real. For example, the Good Times hoax says that "...if the program is not stopped, the computer's processor will be placed in an nth-complexity infinite binary loop which can severely damage the processor...". The first time you read this, it sounds like it might be something real. With a little research, you find that there is no such thing as an nth-complexity infinite binary loop and that processors are designed to run loops for weeks at a time without damage.

When we say credibility by association we are referring to who sent the warning. If the janitor at a large technological organization sends a warning to someone outside of that organization, people on the outside tend to believe the warning because the company should know about those things. Even though the person sending the warning may not have a clue what he is talking about, the prestige of the company backs the warning, making it appear real. If a manager at the company sends the warning, the message is doubly backed by the company's and the manager's reputations.

Individuals should also be especially alert if the warning urges you to pass it on to your friends. This should raise a red flag that the warning may be a hoax. Another flag to watch for is when the warning indicates that it is a Federal Communications Commission (FCC) warning. According to the FCC, they have not and never will disseminate warnings on viruses. It is not part of their job.
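The red flags above can be turned into a first-pass filter for the mail that lands in a helpdesk inbox. This is an added example in Go, not part of the CIAC guidance: each flag becomes a pattern over the message text, plus one further check for a missing named originator, drawn from the validation advice on this page. The two messages are constructed for the example (the first paraphrases the Good Times wording quoted above), the patterns and the two-flag threshold are my own assumptions, and a real filter would need tuning against your own mail.

```go
package main

import (
	"fmt"
	"regexp"
)

// hoaxPatterns are the red flags from the guidance, each as a pattern over the
// message text. The patterns are approximations (assumption), not a vetted signature set.
var hoaxPatterns = []struct {
	flag string
	re   *regexp.Regexp
}{
	{"urges you to forward it to everyone", regexp.MustCompile(`(?i)\b(forward|pass|send) (this|it)( on| along)? to (everyone|everybody|all|as many)`)},
	{"claims to be an FCC warning", regexp.MustCompile(`(?i)\bFCC\b|Federal Communications? Commission`)},
	{"claims a message alone can physically damage hardware", regexp.MustCompile(`(?i)(damage|destroy|burn out|fry) (your |the )?(processor|cpu|hard (disk|drive)|monitor)`)},
	{"credibility by association: a big-name vendor is said to vouch for it", regexp.MustCompile(`(?i)\b(microsoft|ibm|aol|intel)\b[^.\n]{0,60}\b(confirm|warn|announc|verif)`)},
	{"shouting subject line", regexp.MustCompile(`(?m)^Subject:[^\n]*[A-Z]{5,}[^\n]*!`)},
}

// originator matches a named, reachable sender: a From/Contact line carrying an address.
var originator = regexp.MustCompile(`(?im)^(from|contact|originator|reported by):.*\S+@\S+\.\S+`)

// hoaxFlags returns every red flag the message trips; a missing originator counts as one.
func hoaxFlags(msg string) []string {
	var flags []string
	for _, p := range hoaxPatterns {
		if p.re.MatchString(msg) {
			flags = append(flags, p.flag)
		}
	}
	if !originator.MatchString(msg) {
		flags = append(flags, "no named originator with a contact address")
	}
	return flags
}

// likelyHoax applies the threshold (assumption: two or more flags): such a message is
// held for the security administrator instead of being forwarded.
func likelyHoax(msg string) bool { return len(hoaxFlags(msg)) >= 2 }

// Two constructed messages, not real mail: a Good Times-style chain letter and a
// plain internal notice that names a contact.
const chainLetter = `Subject: IMPORTANT VIRUS WARNING - PLEASE READ!!!
Please forward this to everyone you know right away.
The FCC released a warning last night: do not open any email with the subject "Good Times".
Microsoft has confirmed that if the program is not stopped the processor will be
placed in an nth-complexity infinite binary loop which can severely damage the processor.`

const internalNotice = `Subject: Macro virus found on the shared drive
A Word macro virus was detected in two documents on the departmental share yesterday.
Update VET and rescan your machine before opening documents from that share.
Contact: IT Helpdesk, helpdesk@example.edu, ext. 1234`

func main() {
	for _, m := range []struct{ name, text string }{{"chain letter", chainLetter}, {"internal notice", internalNotice}} {
		fmt.Printf("%s: likely hoax=%v flags=%v\n", m.name, likelyHoax(m.text), hoaxFlags(m.text))
	}
}
```

A single flag is not enough on its own: a genuine notice from a colleague may well ask to be passed on to all staff. The point of the filter is to catch the pile-up of several tells at once and route those messages to the administrator rather than to everyone's address book.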
Validate a Warning
CIAC recommends that you DO NOT circulate virus warnings without first checking with an authoritative source. Authoritative sources are your computer system security administrator or your computer incident advisory team. Real warnings about viruses and other network problems are issued by different response teams (CIAC, CERT, ASSIST, NASIRC, etc.) and are digitally signed by the sending team using PGP. If you download a warning from a team's web site or validate the PGP signature, you can usually be assured that the warning is real. Warnings without the name of the person sending the original notice, or warnings with names, addresses and phone numbers that do not actually exist, are probably hoaxes. Another area of concern is Internet chain letters that may or may not be true. For more information on Internet chain letters see http://hoaxbusters.ciac.org/.
What to Do When You Receive a Warning
Upon receiving a warning, you should examine its PGP signature to see that it is from a real response team or antivirus organization. To do so, you will need a copy of the PGP software and the public signature of the team that sent the message. The CIAC signature is available at the CIAC home page: http://ciac.llnl.gov/ You can find the addresses of other response teams by connecting to the FIRST web page at: http://www.first.org.

If there is no PGP signature, see if the warning includes the name of the person submitting the original warning. Contact that person to see if he/she really wrote the warning and if he/she really touched the virus. If he/she is passing on a rumor, or if the address of the person does not exist, or if there are any questions about the authenticity of the warning, do not circulate it to others. Instead, send the warning to your computer security manager or your incident response team and let them validate it. When in doubt, do not send it out to the world.

In addition, most anti-virus companies have a web page containing information about most known viruses and hoaxes. You can also call or check the web site of the company that produces the product that is supposed to contain the virus. Checking the PKWARE site for the current releases of PKZip would stop the circulation of the warning about PKZ300, since there is no released version 3 of PKZip. Another useful web site is the "Computer Virus Myths home page" (http://www.vmyths.com/) which contains descriptions of several known hoaxes.
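The steps above form a procedure: verify the signature against a key you fetched yourself from the team's site; if there is no signature, look for a named, reachable originator; otherwise hold the message and escalate. The Go example below is an added illustration of that procedure and is not CIAC's or FIRST's code. It substitutes Ed25519 from the standard library for PGP so that it runs without GnuPG installed (an assumption; with real bulletins you would run gpg --verify against the team's published key), and the team name, bulletins and addresses are constructed sample data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"regexp"
)

// Verdict is the decision for one incoming warning, following the steps above.
type Verdict string

const (
	Verified Verdict = "verified: signed by a known response team, safe to act on"
	Unsigned Verdict = "unsigned but names a sender: confirm with them before passing it on"
	Escalate Verdict = "do not circulate: hand to the security manager / incident response team"
)

// Warning is one received message: the text, who claims to have signed it, and
// the detached signature over the text (nil when the message is unsigned).
type Warning struct {
	Body      string
	Signer    string
	Signature []byte
}

// KeyRing maps a team name to the public key you obtained from the team's own web
// site (assumption: keys are fetched out of band, never taken from the message itself).
type KeyRing map[string]ed25519.PublicKey

// originator matches a named, reachable sender: a From/Contact line carrying an address.
var originator = regexp.MustCompile(`(?im)^(from|contact|originator):.*\S+@\S+\.\S+`)

// Triage applies the procedure: check the signature against a key you trust; failing
// that, see whether a real person is named; otherwise escalate.
func Triage(ring KeyRing, w Warning) Verdict {
	if w.Signature != nil {
		pub, known := ring[w.Signer]
		if known && ed25519.Verify(pub, []byte(w.Body), w.Signature) {
			return Verified
		}
		return Escalate // unknown signer, or the text was altered after signing
	}
	if originator.MatchString(w.Body) {
		return Unsigned
	}
	return Escalate
}

// NewTeamKey stands in for a response team publishing its PGP key (assumption:
// Ed25519 is used so the example needs only the standard library).
func NewTeamKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Sign produces the detached signature a team would attach to its bulletin.
func Sign(team string, priv ed25519.PrivateKey, body string) Warning {
	return Warning{Body: body, Signer: team, Signature: ed25519.Sign(priv, []byte(body))}
}

func main() {
	teamPub, teamPriv := NewTeamKey()
	ring := KeyRing{"CIAC": teamPub} // key fetched from the team's web site, not from mail

	// Constructed sample bulletins, not real advisories.
	bulletin := Sign("CIAC", teamPriv, "Bulletin: Word macro virus spreading via NORMAL.DOT. Update VET.")
	tampered := bulletin
	tampered.Body += " Also delete C:\\WINDOWS\\SYSTEM to be safe." // altered after signing
	impostor := Warning{Body: "Bulletin: new virus!", Signer: "CIAC", Signature: []byte("not a signature")}
	named := Warning{Body: "From: Jane Doe <jane@example.edu>\nSaw a macro virus on the share today."}
	anonymous := Warning{Body: "Forward this to everyone: the FCC says a new virus destroys hard disks!"}

	for _, c := range []struct {
		name string
		w    Warning
	}{{"bulletin", bulletin}, {"tampered", tampered}, {"impostor", impostor}, {"named", named}, {"anonymous", anonymous}} {
		fmt.Printf("%-9s -> %s\n", c.name, Triage(ring, c.w))
	}
}
```

The decisive detail is where the key comes from: a key or "signature block" pasted into the warning itself proves nothing, because a hoaxer can supply both. Only a key you fetched from the team's site (or received from them directly) lets a signature tell a genuine bulletin from a copy that was edited on the way to you.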