In past years, the various malware and viruses have not been very big disturbance to contaminated IT devices. These malicious programs have mainly showed pop-up messages/advertises in the web browser, or have changed the search engine of the browser to another. Disadvantage has been pretty trivial.
Nowadays it is very common that malware infected machine starts to collect your keyboard typing, screenshots, passwords, credit card numbers and usernames. In the worst case, the contaminated device starts to encrypt the user’s files on the computer and network disks, and then start to blackmail money in order it can be decrypted. None of the anti-virus programs do not work reliably against these new threats and the best protection is to use internet wisely.
The two most common ways how OUAS IT equipment gets contamination of malware:
1) driving or opening e-mail attachments with any program
2) when installing a program, some other program typically comes bundled with so-called harmless PUP-advertising program (Potentially Unwanted Program). Sometimes, these PUP-programs are able to update itself to full blooded virus.
(Overall the situation is good in OUAS: Currently on a weekly basis only isolated cases are revealed in and we hope that the number of infected machines will be at this level or even decrease.)
E-mail is insecure, the sender’s name is easy to falsify
When the e-mail system was developed over 30 years ago, data security or data protection was not taken into account in any way. For example, sender information is not verified in any way in the transmission of a message, – and still do not. This means that the cyber-criminals who send malwares can set anyone/anything to a sender of an e-mail. A spammer can set the sender address look such as <billing@oamk.fi>, and the message seems real at a first glance. Now it depends of the recipient’s own distrust, if to drive or to open the attachment included on an e-mail. In practice, automated programs spread these malwares and it is quite common that they choose the sender to look like someone known from the target organization. Examples could be: admin@oamk.fi, scan@oamk.fi, billing@oamk.fi, helpdesk@oamk.fi, some.name@oamk.fi, printer@oamk.fi, etc.
Antivirus software will lag behind, you are in a key role as a user
Malware spreading via e-mail campaigns often last only few days. At that point, when the malware campaign is already over the most common anti-virus programs begin to recognize this. Therefore, the user’s actions mean much more than the various anti-virus methods implemented by technological solutions.
Do you suspect that your computer is infected?
It is well known fact that such scam messages can be as credible or occur exactly at the right time that even a suspicious user falls into a trap. For example, e-mail recipient expects a receipt for any purchase he has made, and then some kind of a receipt-like message arrives to e-mail (but it is by chance some malicious software message). If you notice or suspect that your machine is infected by malware, the matter should not be secretive and not to be ashamed. Such happens also to professionals. Then you should immediately contact your local support or the helpdesk and ask for help.
Tips for anti-virus programs:
- https://ict.oulu.fi/4837 (in Finnish)
- https://ict.oulu.fi/3239 (in Finnish)
- https://www.viestintavirasto.fi/kyberturvallisuus/tietoturvanyt/2015/12/ttn201512021207.html (in Finnish)
Ransomware:
A typical ransomware virus campaign: