Information Technology Services: Frequently Asked Questions About Computer Viruses


	Accounts, Access & Security
	Computer Store & Service Center
	E-Mail
	HelpDesk
	Printing
	Software & Documentation
	Technology Training
	VPN
	Virus Protection
	Voicemail
	Web Publishing
	WesStation/Mail Services
	Wireless

Frequently Asked Questions about Computer Viruses

What is a virus?
Howdoes a virus infect a computer?
Trojan Horses
Worms
What can viruses do?
Where are the virus risks?
What can I do to reduce the chance of getting viruses from E-mail?
Some general tips on avoiding virus infections

What is a virus?

A computer virus is a computer program that can spread across computers and networks by making copies of itself, usually without the user's knowledge. Viruses can have harmful side-effects. These can range from displaying irritating messages to deleting all the files on your computer.

How does a virus infect a computer?

A virus program has to be run before it can infect your computer. Viruses have ways of making sure that this happens. They can attach themselves to other programs or hide in code that is run automatically when you open certain types of files. You might receive an infected file on a disk, in an email attachment, or in a download from the Internet. As soon as you launch the file, the virus code runs. Then the virus can copy itself to other files or disks and make changes on your computer.

Trojan Horses

Trojan horses are programs that do things that are not described in their specifications. The user runs what he or she thinks is a legitimate program, allowing it to carry out hidden, often harmful functions. Trojan horses are sometimes used as a means of infecting a user with a computer virus. Backdoor Trojans are programs that allow other computer users to take control of your PC over the Internet.

Worms

Worms are similar to viruses but do not need a carrier (like an email attachment). Worms simply create exact copies of themselves and use communications between computers to spread. Many of them can directly infect a computer through its internet connection without any action on the user's part. They are able to gain entry by exploiting flaws in the computer operating system (usually Microsoft Windows). In most cases, these are known security problems and patches are available to update your computer so that it is not vulnerable to such attacks. You can update your Windows computer with the latest security patches by going to http://windowsupdate.microsoft.com or you can configure your system to automatically download and install all updates. Click Here for instructions.

What can viruses do?

Virus side-effects, often called the payload, are the aspect of most interest to users. Here are some of the things that viruses are capable of:

Denial of Service	W32.Blaster.Worm floods the Microsoft Update web site with network traffic in an attempt to prevent anyone from downloading the security patches needed to protect their systems against the DCOM RPC vulnerability.
Messages	WM97/Jerk displays the message 'I think (user's name) is a big stupid jerk!'
Pranks	Yankee plays 'Yankee Doodle Dandy' at 5pm
Denying Access	WM97/NightShade password-protects the current document on Friday the 13th
Data Theft	W32.Mimail.J@mm is a mass-mailing worm which attempts to steal personal information. The worm displays a web page which asks the user to enter their credit card information. This information is saved and later emailed to several predetermined email addresses.
Corrupting Data	XM/Compatable makes changes to the data in Excel spreadsheets
Deleting Data	Michelangelo overwrites parts of the hard disk on March 6th
Disabling Hardware	CIH or Chernobyl attempts to overwrite the BIOS on April 26th, making the computer unusable

Where are the virus risks?

The Internet	Downloaded programs or documents may be infected
Programs	Programs that carry a virus can infect your machine as soon as you run them
Email	Email can include infected attachments. If you double-click on an infected attachment, you risk infecting your machine. Some email s even include malicius scripts that run as soon as you preview the mail or read the body text.
Documents and Spreadsheets	These can contain macro viruses which can infect and make changes to other documents or spreadsheets
Floppy Disks, Zip Disks, CD's	Floppy disks can contain an virus in the Boot Sector. Any removable disk could contain infected programs or documents.

What can I do to reduce the chance of getting viruses from E-mail?

Treat any file attachments that might contain executable code as carefully as you would any other new files: save the attachment to disk and then check it with an up-to-date virus scanner before opening the file. If your E-mail or news software has the ability to automatically execute JavaScript, Word macros, or other executable code contained in or attached to a message, I strongly recommend that you disable this feature. If an executable file shows up unexpectedly attached to an E-mail, you should delete it unless you can positively verify what it is, who it came from, and why it was sent to you. The recent outbreak of the Melissa virus was a vivid demonstration of the need to be extremely careful when you receive E-mail with attached files or documents. Just because an E-mail appears to come from someone you trust, this does NOT mean the file is safe or that the supposed sender had anything to do with it.

Some general tips on avoiding virus infections:

Install anti-virus software from a well-known, reputable company, UPDATE it regularly, and USE it regularly. New viruses come out every single day; an a-v program that hasn't been updated for several months will not provide much protection against current viruses. Wesleyan faculty and staff can contact their Desktop Support Specialist for Virus Protection Software and updates. Students can get a free copy of the installation CD for Symantec AntiVirus from the Help Desk.
Virus scan any new programs or other files that may contain executable code before you run or open them, no matter where they come from. There have been cases of commercially distributed floppy disks and CD-ROMs spreading virus infections.
Anti-virus programs aren't very good at detecting Trojan horse programs, so be extremely careful about opening binary files and Word/Excel documents from unknown or 'dubious' sources. This includes posts in binary newsgroups, downloads from web/ftp sites that aren't well-known or don't have a good reputation, and executable files unexpectedly received as attachments to E-mail or during an on-line chat session.
If your E-mail or news software has the ability to automatically execute JavaScript, Word macros, or other executable code contained in or attached to a message, disable this feature.
Be extremely careful about accepting programs or other files during on-line chat sessions: this seems to be one of the more common means that people wind up with viruses, Trojan horse programs or Spyware. And if any other family members (especially younger ones) use the computer, make sure they know not to accept any files while using chat.
Do regular backups. Some viruses and Trojan horse programs will erase or corrupt files on your hard drive, and a recent backup may be the only way to recover your data. Wesleyan faculty and staff should contact their Desktop Support Specialist to have their computer configured for nightly backups.