Purpose of this article
To ensure that IT systems continue to enable University business by increasing staff and student awareness about malware attacks, thereby reducing the risk of adverse impact.
Malware is short for malicious software, meaning software that can be used to compromise computer functions, steal data, bypass access controls, or otherwise cause harm to the host computer. Some types can spread rapidly from one computer to another causing increasing disruption and damage. You should always ensure they you are running an up-to-date suite of virus protection programs to protect your own computer and, indirectly, the others in the community. As well as running antivirus software you are advised to take other precautions to avoid infection.
Malware Types and Effects
Malware is a broad term that refers to a variety of malicious programs. For example, Spyware is a type of malware used to track user input and activity, to steal account passwords or sensitive information. Ransomware attempts to encrypt personal documents and files, rendering them unreadable unless the victim pays the attacker money to ‘unlock’ them. Viruses are probably the most well-known type of malware and can cause a variety of negative effects as well as being able to quickly spread from computer to computer. Malware is not just confined to the Windows operating system - Mobile devices and other computers are also at risk of malware infections.
How Malware Spreads
Most malware comes from reading emails or browsing the internet. However, it can also infect systems through removable media (such as USB drives) or by individuals remotely connecting to computers or services from already infected devices. Increasingly, viruses are written in the macro language of applications such as Microsoft Word and can potentially infect any platform that can run those applications.
Infected Microsoft Office Files
Infected Office Files are spreadsheets and word documents that, when opened, attempt to execute harmful code that is contained within them. To prevent this, Office will by default open all files from emails or the internet in “Protected View”. This prevents any potentially harmful files from executing, while still allowing you to see the contents of the document. However, many bad attachments will display content that recommends Protected View must be disabled to view it correctly. This is intended to deceive victims into allowing it to run. Never do this if the origin or credibility of the file is in question. Additionally, Office offers protections from macros, and disables them by default. Some files do require these to run, but again macros should not be enabled unless it is absolutely necessary, and the file itself is from a reputable and trusted source.
If you have concerns you can check your Office settings to ensure that you are appropriately protected (in each Office program, go to File -> Options -> Trust Center -> Trust Center Settings… and check the settings for Protected View and Macros).
Additionally, another common technique is for harmful files to masquerade as other file types, by adding a second extension (i.e. badfile.exe presenting itself as invoice.xlsx.exe and relying on windows hiding the common “exe” file type from the user). This should be visible within Outlook, so you should pay attention to the file type and icon before opening. Malware can also attempt to hide itself in zip files to evade detection, so you should be extra vigilant if emailed an archive, and check again for file types before opening.
Signs your computer may be infected
- While many types of malware differ greatly in their purpose and behaviour, many produce similar effects that can be noticeable to the user. If you have an infected computer, you many notice some or all of the following:
- Slow computer or network speeds
- Problems connecting to networks
- Computer freezing or crashing
- Modified or deleted files
- Appearance of strange files, programs, or desktop icons
- Programs running, turning off, or reconfiguring themselves (malware often attempts to reconfigure or turn off antivirus and firewall programs)
- Emails or messages being sent automatically and without your knowledge
Protecting your Computer from Virus Infection
There are several simple steps you can take to reduce the risk of your computer becoming infected. Some malware cases require special prevention and treatment methods, but following the recommendations below will greatly increase your protection from a wide range of malware:
- Ensure your computer is running the most up to date version of an antivirus tool. Your antivirus program should be configured to scan all files coming into your computer
- Always scan removable media given to you before using it
- If you lend removable media to someone, always scan it when it is returned
- Always scan files downloaded from the Internet
- Avoid direct opening or executing e-mail attachments. Always save the email attachment and scan for viruses before reading or executing. Always open office documents in ‘protected’ mode unless you trust their source
- Update your Anti-Virus tools regularly