Virus information
What is a virus?
A virus can be defined as a program that infects files and other programs, and is capable of copying and spreading itself. Generally a virus isn't activated until the infected program is opened, but when it is, it will try to edit, delete og copy data from the computer.
The huge spread of vira are primarily because of opening unknown links in chat programs, download from websites, opening of attached files in mail, security holes in browsers, mail programs and operating systemts.
The term virus is often used about several types of malicious programs. Those are:
Worms:
A program that can forward itself through email, tcp/ip and disk drives. The difference between worms and vira are less and less. The ILOVEYOU program was a worm that used the e-mail programs addressbook, deleted files on the harddisk that it replaced with its own files. If these files were opened again, the worm would reproduce itself. Lately Sobig and Mydoom have been examples of similar worms that have pushed the limits of the mail servers around the world.
Trojan horses:
A malicious program that usually spreads through e-mail or infected websites. It isn't a virus per definition as it doesn't copy itself, but it's just as harmful. A trojan horse can be a screen saver which functions and works just like a normal screen saver, but contain spyware that steal information like your VPN username, passwords, and settings. Back Orifice and NetBus are examples of how hackers could remotely control computers over the internet.
A logical bomb is a type of trojan horse which executes under special circumstances e.g. on a specific date, at a specific type combination etc. The logical bomb will then execute a tack that will change, delete or copy data.
Hoax
A "false" virus often send virus warnings in chain letters. The warning are either false, or include instructions deleting certain files that are important for the computer. The sender will try to convince the receiver that it's important that the mail is forwarded. The only harmful thing in this kind of mail is the time you waste reading it. Therefor it's important that you do NOT forward this kind of mail to others. We should mention that NO antivirus company (nor Microsoft) send these kind of warnings through mail.
What is a virusscanner?
A virusscanner is a program that is created to recognize and stop/delete a virus, BEFORE it infects your pc (it can be compared to a vaccine). The people who develop a virusscanner make updates for it every day/several days a week. There updates HAS to be installed, otherwise the virusscanner won't have any effect, since new vira show up every day!
Free virusscanner!
The IT-department offer a virusscanner for free to all students and employees. It can be found under "Lending IT applications" as described here.
Read the file "F-Secure installation uk.pdf" regarding the installation.
If you got attacked by a virus you can download Stinger at http://vil.nai.com/vil/stinger/. This is a small program (700 KB) that scans for the most wide spread vira.
Do we here at IHA scan for virus?
YES! In several ways! First of all we scan for virus on every single pc. Second of all we scan all emails in and out of IHA.
What about if i get a mail from virusalert@iha.dk?
Because of the rising amount of virus infected mails around the internet, the IT-department scans all ingoing and outgoing mail.
When an infected email are discovered, a mail is sent to the sender to inform that the person is infected, and a mail to the receipient that a virus have been deleted from the email. This email does not contain a virus, it's simply to inform the receipient that someone have tried to send him/her a mail containing a virus.
The mail, with the subject "VIRUS ("virus name") FUNDET I EN MAIL TIL DIG (fra ("sender")) contain information about which virus has been caught and who sent it. The sender have already been informed that he/she sent an infected email, but if the sender thinks the information is important, he might want to contact the sender to ensure that he sends the mail again when he has gotten rid of the virus.
In some caes the sender will just be showing "unknown sender". This is because some vira uses a false sender address, which means that you can't rely on the sender information being correct. In these cases the sender have no idea that the mail have been sent, which means the mail did not contain any information you needed. These mails can just be ignored.