Computer Virus Information

What is a virus?

Viruses comprise one class of a wide variety of malicious software known collectively as "malware". A computer virus takes advantage of the resources available on an infected system to do some or all of the following: to propagate itself via removable media (e.g., USB sticks, CD, DVD), email, or network connections; to destroy data; and possibly to embarrass the owner of the system by redistributing documents found on the victim system's hard drive or mailboxes. A computer virus cannot run on its own: the program must be executed in order to take effect. However, viruses can be written to take advantage of a particular program or operating system's features or security vulnerabilities so as to make it more likely that they will be inadvertently run. Once run, a virus may make modifications to system files so that the virus continues to be run every time the computer is restarted, or every time a particular program (such as an email client) is used. Some viruses only cause minor problems, while other viruses can permanently destroy data. Most viruses include some mechanism for persisting on the infected computer and for propagating themselves to other computers. The propagation methods include transmission via network connections, as emailed attachments or additions to shared files, or even simply writing themselves to removable media, where they will attempt to infect the next computer to access the media. Often a user will learn that his or her own system is infected only when a friend or colleague complains about a strange email message or other odd behavior coming from the user's computer. At Caltech, you may learn that a computer is infected because Information Security detected it engaging in suspicious activity.

Another class of malware is known as a trojan. Unlike a virus, a trojan typically does not attempt to propagate itself. Trojans are a form of malicious software that can allow attackers to remotely steal information and/or issue commands to be run on the infected system without the user's knowledge. Trojans known as "spyware" can allow an attacker to retrieve information about a user's activities; for example, the user's internet browsing habits. There are other types of trojans that are designed to take the victim's data "hostage" by encrypting the data so the owner can't access it. The victim is then told to pay money in exchange for a decryption key (which may or may not actually work). This type of trojan is known as "ransomware". At minimum, most trojans can receive arbitrary commands from a remote attacker or controller, and can steal private data such as passwords and confidential files.

There are many commercially available software programs that scan for malware, delete or "quarantine" it, and alert the user. Antivirus software must be constantly updated to keep up with newly created viruses. IMSS strongly recommends installing antivirus software on your computer, and keeping its virus definition list up to date. Most antivirus software now comes with an automated method for updating the virus definition list, so that you don't have to remember to do it. Review Security tips and tools to help securely configure your computer and reduce the risk of successful malware infection.

If you suspect that your removable media, or a computer you have been using, is infected with any kind of malware, scan your files with updated antivirus software to help detect the source of the problem and limit its damage. Send email to security@caltech.edu if you have trouble or questions. Please do not simply forward us a copy of the malware, or the file you believe contains malware, unless we request it.

The Help Desk can assist you with antivirus scanning. You can reach the Help Desk by visiting https://help.caltech.edu and logging in with your access.caltech username and password.

Site Licensed Antivirus Product Suites

Caltech has a sitewide license for the Symantec Antivirus product suite and Microsoft Forefront antivirus. See our software site licensing page for more details and instructions on how to obtain it.

Tips for Protecting Your Computer from Viruses

  1. Purchase or download and run an antivirus utility such as Symantec, Microsoft Forefront, or Avast (free version available for personal use).
  2. Keep your antivirus software up to date by updating its virus definition list regularly, or setting it to automatically update. Weekly updates are recommended at minimum; daily updates are better. If you use an antivirus with real time protection, take advantage of that feature to scan files whenever you create, open, move, copy or run them. This can help you detect malware before infection occurs.
  3. Be careful about the removable media you use; some viruses, including some very destructive ones, load from removable media. Be sure to set your antivirus software to scan removable media and not just your computer's hard drive. We also recommend disabling autorun on Windows computers.
  4. When downloading files, be careful about the source of those files and know exactly what you are downloading.
  5. Don't open any suspicious attachments or emails, especially if you don't know why they were sent to you. Be particularly suspicious of executable attachments (.vbs, .exe, .bat, .com file extensions). Make sure your email program is not set to automatically open attachments.
  6. Unless you must use Visual Basic scripting as part of your work, consider simply turning off the Windows Script Host by causing Windows to "forget" what program to use for opening .vbs files.
  7. Configure your shared folders for maximum protection from network-aware viruses and worms by turning off file-sharing, or setting its permissions strictly.
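
The check behind tip 5, as an added example that is not part of the original page: a Python function that parses a message and flags attachments whose real (last) extension is one of those listed above, including names such as "invoice.pdf.exe" that hide it behind a harmless-looking one. The function name, the sample message and its addresses are constructed for illustration.

```python
import email
from email import policy

# Extensions named in tip 5 (assumption: extend this set per local policy).
RISKY_EXTENSIONS = {".vbs", ".exe", ".bat", ".com"}

# Constructed sample message for this example, not real mail.
SAMPLE_MESSAGE = b"""\
Subject: Invoice
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/plain

Please see the attached files.
--BOUNDARY
Content-Type: application/pdf
Content-Disposition: attachment; filename="report.pdf"

x
--BOUNDARY
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.pdf.exe"

x
--BOUNDARY
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Notes.VBS"

x
--BOUNDARY--
"""

def risky_attachments(raw_message):
    """Return (filename, reason) for each attachment with a risky extension."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        # Windows drops trailing dots and spaces from file names, so ignore them.
        cleaned = name.rstrip(". ").lower()
        dot = cleaned.rfind(".")
        ext = cleaned[dot:] if dot != -1 else ""
        if ext not in RISKY_EXTENSIONS:
            continue
        # An earlier dot ("x.pdf.exe") means the visible type is not the real one.
        reason = "double extension" if "." in cleaned[:dot] else "executable extension"
        findings.append((name, reason))
    return findings
```

The comparison is case-insensitive and uses only the final extension, which is the one Windows acts on when the file is opened.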

How to turn on ActiveX Filtering in Internet Explorer

  1. In IE9 or IE10, click/tap on Tools on the Menu bar.
  2. In IE9 or IE10, click/tap on the gear icon at the top right, and click/tap on Safety.
  3. Click/tap on ActiveX Filtering to check it, then refresh (F5) IE9 or IE10 to apply.

How to use Internet Explorer security zones

  1. Open Internet Explorer.
  2. Click the Tools button (picture of a gear), and then click Internet options.
  3. Click the Security tab, and then do one or more of the following:
       - To change settings for a security zone, click the zone icon, and then move the slider to the security level that you want for that zone.
       - To create your own security settings for a zone, click the zone icon, and then click Custom level.
       - To restore all security levels to their original settings, click the Reset all zones to default level button.

Helpful Firefox add-ons

  1. NoScript
  2. Webutation

Additional Resources

Additional information about computer viruses can be found in the following locations. IMSS encourages users to be aware of computer virus outbreaks on campus, and to do their part in halting the spread of virus infections.

Symantec's Security Response Center
A descriptive information database of international computer viruses and their effects

F-Secure Computer Virus Info Center
Another excellent descriptive virus information database

McAfee Virus Information
Another excellent descriptive virus information database

Computer Virus Myths Home Page - Rob Rosenberger with Ross Greenberg
A descriptive database of virus and computer security hoaxes

Sophos Threat Analyses: Hoaxes
Another storehouse of common computer virus myths and hoaxes