University of Colorado Denver

Security

Viruses, worms and trojan-horse programs

A computer virus is a small program written to alter the way a computer operates, without the permission or knowledge of the user. Viruses attach themselves to other applications or documents and are usually spread initially by transmitting an infected file. Some viruses are programmed to damage the computer by damaging programs, deleting files, or reformatting the hard disk. Others are not designed to do any damage, but simply to replicate themselves and make their presence known by presenting text, video, and audio messages. Even these benign viruses can create problems for the computer user. They typically take up computer memory used by legitimate programs. As a result, they often cause erratic behavior and can result in system crashes. In addition, many viruses are bug-ridden, and these bugs may lead to system crashes and data loss.

Worms are programs that replicate themselves from system to system without the use of a host file. This is in contrast to viruses, which require the spreading of an infected host file. Although worms generally exist inside of other files, often Word or Excel documents, there is a difference between how worms and viruses use the host file. Usually the worm will release a document that already has the “worm” macro inside the document. The entire document will travel from computer to computer, so the entire document should be considered the worm. W32.Mydoom.AX@mm is an example of a worm.

Trojan horses are impostors--files that claim to be something desirable but, in fact, are malicious. A very important distinction between Trojan horse programs and true viruses is that they do not replicate themselves. Trojans contain malicious code that, when triggered, causes loss, or even theft, of data. For a Trojan horse to spread, you must invite these programs onto your computers--for example, by opening an e-mail attachment or downloading and running a file from the Internet.

It only takes one infected computer to bring a virus, worm, or Trojan horse onto an entire network, thus endangering the safety of all other computers and computer users on that network. Every computer that connects to the campus network has the ability to affect the service levels on the entire network. We must be diligent in maintaining our computers against viruses, worms, and Trojan horses. To help prevent viruses, worms and trojans from infecting your computer system, it is vital that you install a high-quality antivirus program and keep it updated regularly. These updates instruct the antivirus program on how to detect, block and remove new malware.

If you do not currently have antivirus software on your computer, the School of Pharmacy can provide McAfee Antivirus free of charge to all SOP faculty and staff (as of January 1, 2010, the campus license for McAfee Antivirus no longer covers student-owned computers). Contact the SOP IT Services Office for assistance. It is a requirement of the School of Pharmacy that you have effective antivirus protection on any computer you connect to the AMC network.

Spyware

Spyware often arrives attached to other software you intentionally install. "Freeware" and "shareware" programs you download over the Internet may include at least one, but up to several, parasite programs that will silently install themselves on your computer as you install the software that you actually wanted. Some may also arrive in e-mail messages. Unlike viruses, these pieces of spyware usually announce themselves. Clicking on and opening the attachment then serves to download this software onto your computer.

Spyware can be installed on your system by simply visiting a web site. In this case, the web site might ask you to allow the software. In some malicious cases, the web site will take advantage of flaws in your web browser to install the software without your permission. If you surf the web, particularly with older versions of Microsoft Internet Explorer, even if you are careful, you can pick up adware and other forms of spyware. Any media-supported web site often attaches a tracking cookie. If you share music, files, or photos with other computer users, your risk also increases. P2P programs often come with spyware that is installed along with that program.

Your chances for picking up spyware also rise when you install software applications (especially if you don't fully read the license agreements - i.e. the "fine print"). Voluntary downloads account for a large portion of the privacy-infringing software. You may not realize a free screensaver or computer game or toolbar also reports back your private information.

What are some of the symptoms of spyware? If your computer is exhibiting any of the following symptoms, it is very likely that it has become infected with spyware.

  • Unusually slow performance and/or Internet connection
  • You get endless pop-up advertisements, even when you're not on the web
  • Strange hard drive behavior
  • Your web browser's homepage or settings have changed, seemingly on their own
  • There is a new toolbar in your web browser that is difficult to get rid of
  • New, unexpected icons appear in the task tray at the bottom of your screen
  • Frequent computer crashes
  • You are redirected to web sites other than the one you requested
  • The search engine your browser opens to when you click "search" has been changed
  • Certain keys fail to work in your browser
  • Random Windows error messages begin to appear

How do you remove spyware?

The first step is to not contract spyware in the first place. Prevention is a lot easier than removal. The McAfee solution made available to all students, faculty and staff includes some spyware protection, but you need to make sure that the antispyware component has been installed on your system. The SOP IT Services Office or the UCD IT Help Desk can assist in confirming that the antispyware component has been installed or installing it if necessary. There are also additional tools you can and should run; no single solution can find all the spyware that exists. The SOP IT Services office has links to a number of freeware tools that you can use to sweep your system for spyware on our Downloads page. If you believe your system may have spyware, the freeware spyware tools can in many cases identify and remove the problem, but if you continue to have problems, contact the SOP IT Services Office for assistance.

Phishing

“Phishing” is the attempt by some crook to entice you to provide confidential data by sending you a message that purports to be from a company or organization with which you do business. Making some false claim designed to panic you into action, such as the claim that an account needs verifying and will be cut off if you don’t take instant action, an email will ask that you go to a web site by clicking on a link in the email. When you go to the web site, you are asked to "update" or "confirm" personal information such as account numbers and passwords. The web sites may look just like a legitimate page from the company or institution the message purports to be and may be extremely realistic, but in reality the link leads to some other web site, often in another country, designed to mimic the real web site but intended solely to steal confidential information from you so that the perpetrators can fraudulently access your accounts.

With more and more information about each of us available on the Internet, it’s increasingly common for people to encounter what is known as “spear phishing”. This is a highly targeted form of phishing in which facts relevant to the user or institution are used in an attempt to gain the confidence of the recipient of the e-mail or phone call. The sender may address you by name and may include specific information related to you or your institution or department. As an example, in attacks against employees at Oak Ridge National Laboratory one message claimed to be from a Federal Trade Commission investigator. Other institutions, including a number of universities, have been deluged with emails that claim to be sent from the university's email administrators, requesting verification of email accounts or asking for other personal information.

This sort of scam is becoming more common, but it’s easy to avoid being fooled. Simply put, you should never include private information in response to an unsolicited message, even one that appears to come from a known source. The same applies to phone calls as well; someone may call you purporting to be from an official source and ask for confidential information; do not give them any!

If you receive an email asking for confidential information, never click on any included link. No responsible company or organization will include a clickable link in an email asking for personal information since web links can be “faked” to actually connect you to some other unknown web site. Type the URL (website address) of the company directly into your web browser. If you have doubts about the legitimacy of any email you receive, contact the company by phone - use a phone number listed directly on the web site of the company or organization (again, type the company’s web link; don’t click on any link in the email), not any phone number provided in the email - and ask if the issue is legitimate.

The same basic precautions apply to telephone calls. If you receive an unsolicited phone call from someone requesting personal or confidential information, unless you have caller ID that clearly shows the inquirer as being from a known phone number whose owner would be likely to ask for such information, get the caller’s name and phone number, hang up, and contact the organization to verify the identity of the person and their need to know the information being requested. Then call the person back. If the person who the caller claimed to be is listed at a different phone number, call that phone number and verify that the person did indeed call you.

For more information and additional suggestions for protecting yourself, see:

http://www.microsoft.com/protect/fraud/phishing/symptoms.aspx

Passwords

Keeping your personal passwords private, secure, and unbreakable is one of the most important steps you can take for safer computing. If your passwords slip into the wrong hands, your identity, finances, and personal information could be in jeopardy. Using well-chosen passwords is an important step in ensuring privacy and security on the computers you use every day, at home and at work. Unfortunately, many of the passwords people use are simple or have been in use for a long period of time and for a lot of accounts. Simple passwords can be easily guessed by people who know you, or can readily be cracked by people with experience. Consider these findings...

  • Studies have shown that more than 40 percent of all individually-chosen passwords are readily guessed by someone who knows you.
  • In a recent survey of password use, more than 3,000 account passwords were cracked out of a test sample of more than 13,000 using readily-available tools.
  • Because many people use the same or similar passwords for different computers and multiple accounts, gaining access to one password often provides access to other systems and accounts.

Dictionary programs are one of many tools frequently used to crack passwords. A hacker will launch a dictionary attack by passing every word in a dictionary, which can contain foreign languages in addition to the entire English language, to a login program, hoping that a word will eventually match the correct password. Even worms and viruses will attempt to guess passwords.

Ways in which passwords are vulnerable:

  • Many people do not change the default password that comes with some computer security systems. Lists of default passwords are available on the Internet.
  • A password may be guessable if someone chooses a piece of personal information as their password. Such items include a student ID number, boyfriend or girlfriend's name, birth date, telephone number, or license plate number. Personal data is now available from various sources, many online, and can often be obtained by someone using social engineering techniques such as posing as an opinion surveyor.
  • A password is vulnerable if it can be found in a list of commonly-chosen passwords. Dictionaries, often in computer-readable form, are available for many languages, and lists of passwords are easy to get a hold of. In tests on live systems, dictionary attacks are so routinely successful that software implementing this kind of attack is readily available.
  • A password that is too short, perhaps chosen for ease of typing, is vulnerable if an attacker can obtain the cryptographic hash (mathematical function which maps values from a large domain into a smaller range) of the password. For example, computers are now fast enough to try all alphabetic passwords shorter than seven characters.

Here are some helpful tips for having strong password security:

  • DON'T use your login name in any form; as-is, reversed, capitalized, doubled, etc.
  • DON’T use your employee/student ID or social security number
  • DON'T use consecutive or adjacent keys.
  • DON’T use a word based on personal information that may be easy to look up on the Internet such as the name of your spouse, child or pet, or your birthdate or that of your spouse or children.
  • DO use a password that you can type quickly without having to look at the keyboard. This makes it harder for someone to steal your password by watching over your shoulder.
  • DO change your password regularly.
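
The DON'Ts above, together with the dictionary and short-password weaknesses listed earlier, can be turned into a simple pre-check. This is an added example, not part of the original page; the word list, keyboard rows, run length and function names are constructed assumptions.

```python
# Added example: check a candidate password against the DON'Ts listed above.
# Word list, keyboard rows and thresholds are small constructed samples.
COMMON_WORDS = {"password", "letmein", "dragon", "welcome", "monkey"}
KEY_RUNS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890",
            "abcdefghijklmnopqrstuvwxyz"]


def has_key_run(pw, run_len=4):
    """True if pw contains run_len consecutive/adjacent keys, either direction."""
    low = pw.lower()
    for row in KEY_RUNS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run_len + 1):
                if seq[i:i + run_len] in low:
                    return True
    return False


def check_password(pw, login, personal=()):
    """Return the list of rules from the page that pw breaks (empty = none)."""
    low = pw.lower()
    problems = []
    name = login.lower()
    # Login name in any form: as-is, reversed, capitalized, doubled.
    # Lower-casing covers capitalization; substring match covers doubling.
    if name and (name in low or name[::-1] in low):
        problems.append("contains login name")
    # ID numbers, names, birth dates and other look-up-able personal data.
    if any(item and item.lower() in low for item in personal):
        problems.append("contains personal information")
    if has_key_run(pw):
        problems.append("consecutive or adjacent keys")
    # Strip trailing digits so "dragon1" is still caught as a dictionary word.
    if low.rstrip("0123456789") in COMMON_WORDS:
        problems.append("dictionary word")
    # The page notes all-alphabetic passwords under seven characters
    # can be tried exhaustively.
    if len(pw) < 7 and pw.isalpha():
        problems.append("short alphabetic password")
    return problems


if __name__ == "__main__":
    for candidate in ("Jsmithjsmith", "Qwerty2010", "dragon1"):
        print(candidate, check_password(candidate, "jsmith"))
```

An empty result only means none of these specific rules were broken; a real deployment would use a far larger word list.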

Panicware

An increasing problem that computer users are encountering is known colloquially as "panicware". Panicware rears its ugly head when you encounter a web site created or hijacked by unethical software developers who attempt to fool you into thinking that your system has viruses and that you need antivirus software to fix the problem. The developer will then attempt to get you to purchase their own software. Here's what actually is happening, though:

The software developer either lures you to their web site or manages to hook to some other legitimate web site. When you innocently trigger the developer's site, a window pops up that looks like an antivirus scan and claims that your system is infected by a virus or other malware. The popup offers you a "free download" of an antivirus tool that purports to be able to remove the malware. If you accept, this software will download and install on your system, and then claim to have scanned your system and found multiple additional malware infections. They kindly then tell you that their for-purchase software can remove these infections.

In reality, though, these claims of infection are fake, and their "free" software is actually malware of its own that will plague you with false messages of infections unless and until you buy the developer's software, which usually does nothing other than to shut off the message the developer's own free "antivirus" package is generating. There are many examples of this sort of scam, one of the most common being "Windows Antivirus 2010" or "Antivirus 2011". This same software appears under many different names as well.

All systems owned or provided by the School of Pharmacy should already have McAfee Antivirus installed. So if you get any sort of warning that your system is infected with any sort of malware, check to see if the warning is coming from McAfee. If it's not clearly coming from McAfee or an antivirus package that you know you have legitimately purchased and installed, do not agree to any sort of action.

First and foremost, ABSOLUTELY DO NOT agree to ANY sort of popup or warning that offers to download something to scan your system or to fix the problem. It will almost certainly cause problems, not fix them, and in some cases the problems will be so massive that your system will have to be erased and the software rebuilt from scratch.

If you have any doubts about whether any warning about malware is legitimate, contact the SOP Office of Information Technology Services. We'll be happy to investigate and let you know if your system has a legitimate problem or if you're encountering a scam.

Securing Your Laptop

Every year a few unlucky users have their laptops stolen. There are some simple things you can do to reduce the chance that you’ll join this unfortunate group:

  • Avoid leaving laptops unattended, unsecured and out in the open. Most laptops are stolen due to the owner just leaving the laptop sitting out unattended, on a desk or sitting in a case. Lock the laptop in a desk, cupboard, laptop cart or other secure area when not in use. If the laptop must be left in a vehicle, it should be covered up or locked in the trunk. Above all, do not leave your laptop unattended and unwatched even if it's close by. It only takes seconds for someone to pick up an unattended, unsecured laptop and abscond with it.
  • Use visual deterrents. If you’re placing your laptop on a desk or table and can’t conveniently put it away, a cable lock or other locking mechanism can act as a deterrent to would-be criminals. Although such locks can often be ripped off the plastic exterior of a laptop with a strong tug, they do force some criminals to think twice before taking the risk.
  • Keep laptops inconspicuous. Laptops should be carried in inconspicuous carrying cases, such as backpacks or tote bags, instead of obvious laptop bags.

And to protect your data in the event your laptop is lost or stolen:

  • Use 'complex' passwords and change them regularly. Don't use simple passwords that can be guessed easily. Passwords like your birthdate, your spouse's name or the name of your pet should never be used; you'd be surprised how easy it is for someone to find this sort of information about you on the Internet. Always use a combination of numbers and letters, and never leave your password in obvious places on or near the computer. Password-protect your screensaver and lock your screen to avoid unwanted access to your computer if you've stepped away.
  • Use encryption software to encrypt the data on your hard drive. This makes it very difficult for a thief to get access to your data should your laptop be stolen. All laptops owned by the University of Colorado Denver must have their hard drives encrypted.
  • Leverage anti-virus software, encryption solutions, anti-spyware and firewalls. Prevent unauthorized access and spyware from invading your computer and protect valuable information with data encryption software. Make sure your anti-malware utilities are properly installed and kept up-to-date.
  • Back up valuable data on a scheduled basis. Data backup needs to happen as frequently as possible to minimize the risk to you and the university in the event of theft or loss of your laptop. The information or 'knowledge' that is stored on the computer is more valuable than the computer itself. Make sure, though, that any backups containing sensitive data are protected: encrypted, locked in a secure location, etc.
  • Understand the dangers of pirated software and file sharing. Not only is it illegal, but pirated software can increase susceptibility to viruses, trojans and other attacks, many of which are used to steal data from your computer.
  • Stay informed. Continue to educate yourself on the tools and techniques used today by cyber criminals as well as the latest scams and other security risks to university data.
  • Don't rely on laptop recovery software/services to protect your data. Though such software and services do have success stories, there are too many ways around such systems for you to depend on them.