UAB Information Security recently discovered a new spam campaign where users are tricked into opening an email attachment that contains a virus aimed at stealing passwords and financial information. As with any suspicious email messages you may receive, please report them to firstname.lastname@example.org for inspection.
The recent spam email messages are crafted to look like they came from one of several legitimate companies such as Chase Bank, the Better Business Bureau (BBB), Department of Treasury, Dun & Bradstreet Financial Services or a wire transfer company. You should be aware that these emails are forged and that none of the information included in the email can be trusted, including embedded links, e-mail addresses or phone numbers.
Here are some of the common email subject lines we have seen in this spam campaign:
• FW: Company 2013 Report
• Incoming Wire Transfer Notification
• D&B iUpdate: Company Order Requested
• Department of Treasury Notice of Outstanding Obligation – Case ######
• Better Business Bureau Complaint Case #######
• Merchant Billing Statement
• ACTION REQUIRED: A document has arrived for your review/approval (Document Flow Manager)
Computer viruses implant instructions in other programs or storage devices and can attack, scramble, or erase computer data. The danger of computer viruses lies in their ability to replicate themselves and spread from system to system. Few computing systems are immune to infection.
The following activities are among the most common ways of getting computer viruses. Minimizing the frequency of these activities will reduce your risk of getting a computer virus:
- Freely sharing computer program and system disks, or downloading files and software through file-sharing applications such as BitTorrent, eDonkey, and KaZaA
- Clicking links in instant messages (IM) that have no context or have only general text (even from someone you think that you know)
- Downloading executable software from public access bulletin boards or websites
- Using your personal disk space with public computers that are used by more than one person
- Opening email attachments from people you don't know or without first scanning them for viruses
- Opening any email attachment that ends in .exe, .vbs, or .lnk
- Continually running your machine without the appropriate patches
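The subject lines listed for this campaign and the attachment extensions named above can be checked automatically before a message is opened. The following is an added example, not UAB's own tooling: the function names, the sample addresses and the constructed test messages are assumptions made for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject lines from the campaign list on this page. The page masks case
# numbers with '#'; matching any token after "Case" is an assumption.
SUBJECT_PATTERNS = [re.compile(p, re.IGNORECASE) for p in (
    r"company 2013 report",
    r"incoming wire transfer notification",
    r"d&b iupdate: company order requested",
    r"notice of outstanding obligation\s*[–-]\s*case\s*#?\s*\w+",
    r"better business bureau complaint case\s*#?\s*\w+",
    r"merchant billing statement",
    r"a document has arrived for your review/approval",
)]
RISKY_EXTENSIONS = (".exe", ".vbs", ".lnk")  # extensions named on this page

def triage(raw: bytes) -> dict:
    """Flag a message by campaign subject and by risky attachment extension."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject_hit = any(p.search(str(msg["Subject"] or "")) for p in SUBJECT_PATTERNS)
    risky = []
    for part in msg.iter_attachments():
        shown = part.get_filename() or ""
        # Compare the final extension only, so "report.pdf.exe" is caught;
        # trailing dots/spaces are dropped because Windows ignores them.
        if shown.rstrip(". ").lower().endswith(RISKY_EXTENSIONS):
            risky.append(shown)
    return {"subject_hit": subject_hit, "risky_attachments": risky,
            "report": subject_hit or bool(risky)}

def build_sample(subject: str, filename: str = "") -> bytes:
    """Constructed test message (not a real campaign sample)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "notices@example.com", "user@example.edu", subject
    m.set_content("Please review the attached document.")
    if filename:
        m.add_attachment(b"constructed placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for subj, name in [("Incoming Wire Transfer Notification", "wire.pdf.exe"),
                       ("Lunch on Friday?", "menu.pdf")]:
        print(subj, "->", triage(build_sample(subj, name)))
```

A message is marked for reporting when either check matches, since a forged subject can arrive with a renamed attachment and a risky attachment can arrive under a new subject.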
Signs of a Virus Infection
If your computer begins to act strangely, or if it stops being able to do things it has always done in the past, it may be infected with a virus.
Symptoms such as longer-than-normal program load times, unpredictable program behavior, inexplicable changes in file sizes, inability to boot, strange graphics appearing on your screen, or unusual sounds may indicate that a virus is on your system.
However, it is important to distinguish between virus symptoms and those that come from corrupted system files, which can look very similar. Rule out more standard causes before suspecting a virus.
How to Avoid Computer Viruses
The following are some recommendations for safe computing:
- The most important thing you can do to keep your computer safe is to install virus detection software and keep the virus patterns up to date. Antivirus programs perform two general functions: scanning for and removing viruses in files on disks, and monitoring the operation of your computer for virus-like activity (either known actions of specific viruses or general suspicious activity). Most antivirus packages contain routines that can perform each kind of task.
- Keep your operating system current with the latest patches and updates. The writers of viruses and worms often exploit bugs and security holes in operating systems and other computer software. Software manufacturers frequently release patches for such holes.
- Back up your files. Viruses are one more very good reason to back up your files. UAB employees can use UABFILE to store their data. UABFILE is kept in a secure location and backed up regularly.
- NOTE: If you back up a file that is already infected with a virus, you can re-infect your system by restoring files from backup copies. Check your backup files with virus scanning software before using them.
- Obtain public-domain software from reputable sources. Check newly downloaded software thoroughly using reputable virus detection software for any signs of infection before running the install programs (.exe, etc.). This can also help protect you from Trojan horse programs.
- Quarantine infected systems. If you discover that a system is infected with a virus, immediately isolate it from other systems and report the incident. In other words, disconnect the system from any network and do not allow any of the machine's files to be moved to another system. Once the system has been disinfected you can copy or move the files.
- If you use a desktop version of MS Outlook, minimize use of the preview & reading pane options.
UAB IT provides antivirus software for use by everyone at UAB, including your personal home systems.
Please note: Microsoft Forefront went end-of-life in July 2015.
- For home use on Windows 7 and Vista, UAB IT recommends installing Microsoft Security Essentials on your Windows system. If your computer is running Windows 7, Windows Defender only removes spyware. To get rid of viruses and other malware, including spyware, on Windows 7 and Windows Vista, you should download Microsoft Security Essentials for free.
- For home use on Windows 8, Windows Defender replaces Microsoft Security Essentials. You cannot use Microsoft Security Essentials with Windows 8 or Windows RT, but you don't need to because Windows Defender already provides built-in protection. Learn more about using Windows Defender on Windows 8.
UAB IT recommends that system administrators on campus use System Center Endpoint Protection (SCEP) for antivirus and malware protection for campus computers.
System Center Endpoint Protection 2012 has several advantages beyond the scope of Microsoft Security Essentials:
- Centralized reporting
- Centralized monitoring
- Centralized management
- Automated network client deployment
- Advanced Microsoft support is available through professional, premier and/or software assurance programs
- Management of the host-based Windows Firewall policy via the SCCM policy configuration interface, allowing for configuration of endpoint security as well as allowing or denying connections.
System Center Endpoint Protection 2012 provides a single, integrated platform that reduces overall IT management and operating costs.
UAB IT's recommendation is to deploy the SCEP agent within System Center, along with the inventory agent. There are many other features you may turn on or block from use within SCCM.
- For Mac (OS X), use Sophos Anti-Virus. Please click here and log in to select Sophos from the available titles.