What to Do If You Have or Suspect You Have Responded to a Malware Attack
If you have provided, or believe you may have provided, information to a hacker in response to a malware attack (or any other kind of attack), you are required by ISU policy (and State of Indiana legislation) to report the incident. Use the Security – Report an Incident form at:
Security Report an Incident
Fighting Malware
Protecting your computer from Ransomware, Spyware, Adware and Viruses
Malware (short for malicious software) is a term coined to describe programs which are ultimately detrimental to the computing experience. Viruses are the most visible and publicized malware but there are other types, specifically adware and spyware, which are less obviously a threat but perhaps even more of a nuisance. This article will describe the various types of malware and what steps should be taken to remove them or, if possible, prevent their installation.
Ransomware
Ransomware is a type of malware that threatens to publish the victim's personal data or permanently block access to personal files unless a ransom is paid to the bad actor.
Viruses and Worms
A virus is a computer program designed to install itself on a computer without the user's knowledge and then perform some task. Most commonly, viruses will try to infect other machines, open up the infected machine to outside access or cause damage to files. A worm is typically installed when a user launches an infected e-mail attachment. The worm then uses the mail system (and address books) of the infected computer to send infected e-mails to other users.
Using a virus-scan product and keeping current with Windows Updates are the best methods available to prevent infections. Users should also be wary of unexpected e-mail attachments, even if they come from someone they know.
Adware and Spyware
Adware is software which is free to the user or available at a reduced cost because it displays advertisements either in the software window itself or in separate pop-up windows. By itself adware is merely irritating as the user must contend with unwanted pop-up windows while running the ad-supported software.
Spyware is any software which utilizes the bandwidth of the machine on which it is installed to communicate with the parent company. Statistics about one's browsing habits, installed software and other information are collected by these companies and then either sold as market research or used by the company itself to target ads at the user.
Together (often a program works as both adware and spyware) they represent a serious invasion of the user's privacy and could use up considerable bandwidth and processor resources communicating with the developer and downloading ad content.
It is often difficult to identify this software without a thorough reading of the end user license agreement. Companies which distribute this software use many tricks to entice users to install their programs. Two common channels by which malware is installed are pop-ups which look like a security warning and opt-out installers. Users should familiarize themselves with these methods and use discretion when agreeing to anything on the web.
Spoofed Security Warnings - Some malware installation requests are designed to look like a typical security request from the browser. People tend to accept anything that pops up if they feel it is restricting them from viewing a particular page. When a user clicks yes, thinking they are accepting a security certificate, they are actually giving permission to install whatever software the distributor wishes to push to their computer. To prevent these installations, one only has to read carefully any requests that pop up while browsing and make sure they are indeed required. If you are unsure, answer no and then if you have problems with that particular web page, go back and answer yes when the request appears.
Opt-out Installers - Some websites which require a user registration include opt-out installers for various pieces of adware and spyware. With an opt-out installer, if you do not explicitly decline whatever software is being offered, it will be installed by default once you complete your registration for the site. The tools to decline the installation are often deliberately inconspicuous and typically the installation happens without the user's knowledge. Opt-out installers are also seen quite often in the installation packages for "free" software such as screen-savers, download managers, games, shopping assistants and web accelerators.
Prevention/Removal
Users are often not aware that their machine is host to malware until it begins to affect performance. Excessive pop-ups or slow network access may be the only indication that the computer has been "infected".
Always report to the OIT Help Desk if you suspect that you have malware on your system.
University policy via Indiana legislation requires employees and affiliates to report all security incidents, including all types of malware.
As the old saying goes, an ounce of prevention is worth a pound of cure. Users should take the following steps to be sure their machines are as secure as possible:
- Keep Windows up to date - Use the Windows Update feature of your operating system to be sure you have all of the most recent security and functionality updates.
- Keep anti-virus software current - Users should be running an anti-virus package which continually scans the computer for viruses and other threats. It is vital that the virus information be kept up to date; otherwise its effectiveness will be greatly diminished.
- Do not browse untrusted sites for (free) media or software - The most common source of malware is illegitimate providers of music, movies, books, and software.
- Use ISU's Office 365 platform for all business-related purposes - Office 365 has ransomware protection inherent to its use of OneDrive, Teams, and SharePoint.
All staff and faculty are protected by Windows Defender for Enterprise. This security software is the best protection against inadvertently downloading malicious software.