
Virus Prevention


Campus Response To Virus Threats

As the threat of infection from a multitude of viruses, worms, and other exploits is increasing, so is our campus’ response to such issues.  Computing & Media Services and Network Operations have adopted the following strategies:

  • Staff regularly monitor reliable sources of information about current threats.
  • The campus firewall’s configuration is adjusted as new threats are documented to minimize or eliminate the impact of certain exploits.
  • Traffic on the academic portion of the network (which serves campus offices, labs, and classrooms) is kept separate from traffic on the residence hall portion of the network.  Traffic on wireless segments, and in certain other areas, is also separated from the rest.
  • A mail "gateway" is used to intercept known viruses before they reach individual mailboxes.  This gateway has prevented as many as 8,000+ infected mail messages per day from reaching our users.
  • Desktop anti-virus software, installed on campus machines, is updated automatically to be sure such software can recognize and intercept the latest viruses.
  • A campus update server is in place to keep campus machines at current, critical patch levels.  A "patch" is a fix to a piece of software, be it an operating system like Windows or an application like Outlook.  Such patches are often designed to fix a "hole" or weakness in the software that allows a virus to get in.

 

Top Ten Computer Viruses According to Sophos

Last Updated April 2011 - (Source: Sophos)

  1. Troj/Invo-Zip
  2. W32/Netsky
  3. Mal/EncPk-EI
  4. Troj/Pushdo-Gen
  5. Troj/Agent-HFU
  6. Mal/Iframe-E
  7. Troj/Mdrop-BTV
  8. Troj/Mdrop-BUF
  9. Troj/Agent-HFZ
  10. Troj/Agent-HGT

 

Virus Hoaxes

So, your friend has sent you a note warning that he or she has a virus.  He or she may suggest that you tell as many people as possible about this latest threat. 

Now, you are no doubt a conscientious member of the Internet community, but before you click "Forward" and load up as many addresses as you can in the To: field, pause for a moment.  Could this be a hoax?  Frequently, the answer is "yes." 

Hoaxes are not only a waste of time but they can also encourage people to do destructive things to their machines like removing important files.  Next time you get a virus warning from a friend or colleague, take a moment to review this information from Sophos:

http://www.sophos.com/virusinfo/hoaxes/

You might also be interested in Sophos’ list of top hoaxes below.

’Spoof’ Viruses

You’ve checked your machine with the latest version of anti-virus software. You’ve called the Helpdesk, and they sent someone over who gave your computer a clean bill of health. Yet, you still receive messages accusing you of spreading viruses to others via e-mail. Why?

The reason may be due to any number of viruses that cleverly "spoof" or fake the return addresses on the loaded e-mails they send. Such viruses gather e-mail addresses from the infected machine, choosing one to list as the destination (To:) and one to "spoof" (fake) as the sender (From:). 

Most mail systems will let you put anything down as the sender (From:) address without validating or authenticating it. So, someone else’s machine is spreading a virus but you get the notification because the virus found your e-mail address on the infected system. 

For Example...

To explain further, here is a sample scenario. Let’s say [email protected] contracts a virus like MiMail. Some time after that, [email protected] receives a message from [email protected] that has a virus attachment in it. Leonardo’s anti-virus software or his firewall catches it before it can infect his machine. The anti-virus or firewall software then sends a note to Isaac warning him that he is spewing out viruses. Isaac is totally confused as he knows that his firewall or anti-virus software would have caught it. As the interception of the virus and the notification are automatic, the actual messages are never examined to verify the sender’s name.  Had they been examined, they might have revealed that the original sender was from somewhere in sion.org.
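
The examination the scenario says never happens can be sketched in a few lines. This is an added example, not part of the original page: it compares the claimed From: domain with the host that the recipient's own mail server recorded in its Received: header. The addresses, the leonardo.example server names, the IP addresses and the trusted-domain set are constructed placeholders; sion.org is the origin named in the scenario.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not real mail). The addresses and the recipient's servers
# are placeholders; sion.org is the origin domain named in the scenario.
SAMPLE = """\
Received: from mx.leonardo.example (mx.leonardo.example [203.0.113.10])
\tby mail.leonardo.example with ESMTP; Mon, 3 Jan 2011 10:00:05 -0500
Received: from pc-17.sion.org (pc-17.sion.org [198.51.100.23])
\tby mx.leonardo.example with SMTP; Mon, 3 Jan 2011 10:00:02 -0500
From: Isaac <isaac@isaac.example>
To: leonardo@leonardo.example
Subject: your document

see attachment
"""

# "from <HELO name> (<reverse DNS> [<IP>]) ... by <receiving server>"
RECEIVED_RE = re.compile(
    r"from\s+\S+\s+\((?P<rdns>\S+)\s+\[(?P<ip>[^\]]+)\]\).*?\bby\s+(?P<by>\S+)",
    re.S)

def domain_of(host):
    """Last two labels of a host name (naive: ignores suffixes like co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def handoff_hop(msg, trusted_domains):
    """Find the hop where an outside host handed the message to our servers."""
    hop = None
    for raw in msg.get_all("Received", []):      # newest header first
        m = RECEIVED_RE.search(raw)
        if not m or domain_of(m["by"]) not in trusted_domains:
            break        # headers below this point are not vouched for by us
        hop = m.groupdict()
    return hop

def check_sender(raw_message, trusted_domains):
    """Compare the claimed From: domain with the host that really connected."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hop = handoff_hop(msg, trusted_domains)
    origin = domain_of(hop["rdns"]) if hop else None
    # A mismatch is a reason to distrust From:, not proof of a virus:
    # legitimate mail is also relayed through third-party servers.
    return {"from_domain": from_domain, "origin_domain": origin,
            "origin_ip": hop["ip"] if hop else None,
            "mismatch": origin is not None and origin != domain_of(from_domain)}

if __name__ == "__main__":
    print(check_sender(SAMPLE, {"leonardo.example"}))
```

Only Received: lines written by servers the recipient controls are trusted here; anything below the hand-off hop could have been forged along with the From: line.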

What Can Be Done?

The only thing one can do is make sure one’s anti-virus software is up to date and working. The confusion over who actually sent the virus will continue until e-mail software and protocols evolve to address this gap in security (spoofing).
