The Australian National University
Information Technology @ RSSS
Coombs Computing

VIRUSES & MALWARE

A general rule to follow:
Users should always remain aware of the danger of opening unsolicited email attachments and clicking on unknown web links contained in emails.

NEVER open any attachments you are not expecting.

Avoid the use of attachments as much as possible and do not open any attachments that you aren't expecting (even if they come from trusted sources). It's amazing how effectively these simple steps keep systems free from a very large percentage of viruses and worms.


Inspired by the latest AusCERT announcement of a nasty new trojan, here's a draft document under discussion by the RSSS IT Group, extending our advice about spam. People who are not already aware of everything mentioned here are highly vulnerable to some serious damage.

Malware - Spam at a New Level

The Problem
Everyone with an email account is by now familiar with the nuisance of spam, clogging our inboxes with irrelevant, offensive and stupid advertisements. Sadly, the reason that spam increases is that it works: believe it or not, enough people are misled or tricked into responding that spammers will continue their efforts into the future.

It is our unpleasant duty to inform you that the same tricks in use around the world to get us to open spam are increasingly being used in malicious ways. Spam is not just thinly disguised or blatant advertising any more; it now includes carefully contrived attacks on your computer and your finances, possibly to use your computer as an intermediary in other attacks.

It is well known now that attachments can be (and often are) dangerous; we must now be aware that Web links can also put us at risk. Because of vulnerabilities in certain software, and clever misrepresentations, we must warn you that many people are at risk of hostile takeovers when clicking on Web links embedded in email.

We are circulating this guidance because we are all increasingly exposed to 'malware', software that is designed to adversely affect our use of computers, operating in secret.

This malware can take many forms, for example:
. keystroke loggers. These record everything that you type, and forward your typing to 'home base'. Often the perpetrators are, or are associated with, common criminals who are seeking credit card and banking details, and/or passwords for your various online accounts.
. DDOS engines. These take control of your computer, and use it to attack other computers (likely without your knowledge), which is illegal in most jurisdictions; you may be liable (this has not been tested in court).
. file sharing. These may use your computer to store pornography, purloined documents, or other offensive, illegal, or dangerous material.
. nuisances. These seek nothing more than to waste your time and your organisation's resources.
. vandalism. Malware can do anything, including but not limited to deleting files, changing the content of files, mailing passwords, files or other specific information to 'home base', stealing or exposing sensitive information, sending itself or other malware to your correspondents or other Internet-connected users, damaging your hardware and software, making your computer unbootable.

This is not conjecture. These things are happening now, all over the world.

The Defences
There is no complete or enduring defence. No product can be installed and forgotten, or address every requirement. A technical response, such as anti-virus and firewall software, cannot address social problems. The School's IT team has developed a security policy which reflects industry best practice, to help you defend your computer against an increasing tide of attacks from time-wasters, vandals, and criminals.

The School's IT team recommends the following:

. Examine your email headers closely, before opening any message. If you don't know the author, delete it immediately. If you consider the subject to be out of character, delete it immediately. If you must receive email from unknown correspondents, use a disposable Hotmail or Yahoo account, or use a Unix mail tool such as pine; these are not vulnerable to many (if any) of the tricks described here.

. Examine your email content closely, after opening every message. If it has an attachment that you didn't request, delete it immediately. Examine Web links closely; Web addresses in the form of numbers, such as http://150.203.224.42, should never be opened. Other Web links should only be opened, as for attachments, if you recognise your correspondent, and you are expecting such a link. Because malware can (and often does) send its own email, being from a familiar correspondent is no longer any guarantee. We must now engage in a protocol such as "can I send a link (or attachment)?", "yes please", "here it is". Don't forget to empty your 'trash' folder, at least every day.

. Be aware of your computer's operating characteristics. Any occurrence of unfamiliar messages, poor performance, unrequested disk activity, opening or closing of windows, restarting, or anything not directly initiated by you, needs to be reported to the School's IT team immediately.

. Recognise your role as a responsible computer user. Understand that your home computer(s) is probably more vulnerable than your office computer. Do not expect to connect a home computer or laptop to the School's network facilities without a security review. Never try to delay, adjust or disable protective software without input from the School's IT staff. Download only material relevant to your work, from trusted sites, and recognise that even this can be compromised.

. Look after your home computer(s). The University's anti-virus software is site-licensed, and you are entitled, and strongly recommended, to install it at home; ask your friendly local IT support person for a copy. Home computers and laptops without virus protection cannot be connected to the Coombs network without inspection by the School's IT team.

. Consider your own environment. It is a fact that the vast majority of malware is aimed at, and the vast majority of damage is suffered by, Microsoft products, specifically Windows, Internet Explorer, and Outlook. Eliminating even one of these from your suite would greatly reduce your exposure. Effective replacements for all three are now available, often at low or no cost; it is possible to almost entirely eliminate your exposure to these dangers, and the complications of dealing with them. Please feel free to discuss your options with the School's IT staff.
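The link and attachment checks from the second recommendation above can be run over a raw message before it is opened in a mail client. This is an added example, not part of the RSSS guidance; the function names and the sample message (apart from the numeric address quoted above) are constructed for illustration, and the check also covers single-integer hosts, which goes slightly beyond the dotted form shown in the text.

```python
import ipaddress
import re
from email import message_from_string, policy
from urllib.parse import urlsplit

URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.IGNORECASE)

def numeric_host(url):
    """Return True if the URL's host is a number rather than a name."""
    host = ""
    try:
        host = urlsplit(url).hostname or ""
        ipaddress.ip_address(host)   # dotted IPv4 or IPv6 literal
        return True
    except ValueError:
        # A host written as one integer is also treated as an address.
        return host.isdigit()

def review_message(raw):
    """List attachments and numeric-host links found in one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if filename:                 # any named part counts as an attachment
            findings.append(("attachment", filename))
        elif part.get_content_maintype() == "text":
            for url in URL_RE.findall(part.get_content()):
                if numeric_host(url):
                    findings.append(("numeric-link", url))
    return findings

# Constructed sample message (addresses and file name are placeholders).
SAMPLE = """\
From: sender@example.org
To: user@example.org
Subject: Your account
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

Please confirm at http://150.203.224.42/login or read
http://www.example.org/help for details.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="details.zip"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

if __name__ == "__main__":
    for kind, value in review_message(SAMPLE):
        print(kind, value)
```

A finding is only a prompt to ask the sender whether they meant to send it; an empty result does not make a message safe.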

The only thing we can be sure of is that, in future, there will be both more of the same, and new threats not presently envisaged. The School's IT team will continue to effect best practice, and continue to advise you on safer computing. Best practices for computer users are detailed above, and we commend them to you. Good luck!


The Internet Industry Association page linked below has many resources: links, documents and details of research being undertaken to assist you to protect your system from malicious attacks.
http://www.security.iia.net.au/australian_resources/security_issues/viruses.html