Additional Virus Information
We collect information from a variety of sources in order to protect the LLE user community from virus or other forms of computer attack. Each company names viruses differently. Using multiple sources allows us to cross reference.
Places to get virus information:
- AVG Virus Encyclopedia
- Avira Virus Info
- Bitdefender Virus Encyclopedia
- ESET Threat Centre
- F-Secure Virus Description Database
- Fortinet Virus Encyclopedia
- Kasperksy Lab's SecureList Descriptions
- McAfee Avert Labs Threat Library
- Microsoft's MMPC Encyclopedia
- Panda Encyclopedia
- Sophos Threat analyses
- Trend Micro Virus Encyclopedia
Sources of Information on Vulnerabilities:
- Secunia- A leading vulnerability intelligence provider and distributor
- CERT- Computer Emergency Response Team at Carnege Mellon
- InfraGard- Guarding the Nation's infrastructure
- SANS- System Administration, Networking, and Security Institute
- FBI- Federal Bureau of Investigations
- SARC- Symantec AntiVirus Research Center
We also rely on our users to let us know about unusual or somehow questionable content they receive via the Internet.
There is no foolproof protection as yet and there probably never will be so common sense is your best protection. If you don't recognize the name of the person that sent you the e-mail and it contains any kind of attachment, DON'T OPEN IT!
Be very stingy with the information you provide on the web and if you shop on the web, avoid unsecured pages at all costs (use the phone instead) and check your credit card statements carefully. Notify your bank if anything looks suspicious. They can investigate and let you know exactly who charged your account. Notifying them also protects you from liability!
For help with computer security concerns, contact Computer Support.
Frequently Asked Questions about Viruses
Virus incidents are on the rise here at LLE. If you think you have received a virus, please forward the message to Computer Support's firstname.lastname@example.org. Do not delete the suspect message until Computer Support can look at your copy. In general, be extremely cautious when opening any e-mail attachment.
The following are frequently asked questions about receiving a virus via e-mail:
What is an "incident"?
The easy answer is "Anything you want." Anytime you have a question about an e-mail message you should feel free to forward the message to the "virus" address. Do not delete a message that you forward to us until we have contacted you. This may seem counterintuitive, but in order for us to track down the source of a virus transmitted via e-mail, we must be able to examine the entire message. Unfortunately, the act of forwarding a message does not (by default) pass on all of the message headers, and these headers help us determine the origin of a message.
But isn't a virus dangerous sitting in my inbox?
No—only if you open any attachment(s) to the message. Never open any of the attachments.
I already clicked on an attachment that I think might be a virus. What should I do?
If you have actually opened an attachment that you now suspect has infected your machine, you should unplug your machine from the network, if you know how. Immediately call anyone in the Computer Support Group or the on-call pager (9-1-877-504-6820).
I received a message that warned me of some danger and urged me to do something to my system (such as deleting a file, forwarding the warning on to others, etc.); what should I do?
Forward the message to email@example.com and do nothing else.
When I attempt to forward the message to the virus address, Eudora says that it will have to download the attachments in order to forward it; is this ok?
Yes. This only happens to people who are set up to use the IMAP protocol (rather than the POP protocol) to read their mail.
Is there anything else I should include when I forward the suspected virus message?
The following additional information will be useful:
- Your telephone extension
- Name of the possibly infected computer
Whether or not your OfficeScan software flagged the message
- If it did: what action OfficeScan took
In a strict sense, we are MOST interested in tracking down "uncaught incidents." An uncaught incident is when you receive an e-mail with an attachment that you feel is in any way suspicious but has NOT been reported by Trend OfficeScan.
If you have any virus-related question, contact Computer Support's virus e-mail at any time.
What is clickjacking and why should I worry?
Clickjacking is a recently discovered method of compromising your information that is now being exploited by software criminals. In a clickjack attack, you click on and enter information into what seems like a normal web page. You will not see anything different because the attack is camouflaged. The figure below illustrates how the attack works.
Visualization of a clickjacking attack.
Unlike a virus, trojan, or other malware that compromises your computer by exploiting a deficiency in an application or the operating system, the attacker simply takes advantage of a standard practice in web page design called UI Redressing. To make interactive and engaging web pages, it is possible to hide certain content and then display it when needed. One can place something like a fill in box on top of something else on the page. If you tell the browser to make that box transparent, all you will see is the box below it. When you enter text, it will actually go into the hidden area and then be sent to the attacker. There are many clever variations on how this can be done. A good explanation with more detail is available in this article on the SecTheory web site. If you search in Google you will find lots of information.
The good news is that the NoScript extension is very easy to install and use (watch video). You can enable a site temporarily, permanently, or forbid it to run potentially dangerous content.
What do I need to do?
- Install NoScript on your LLE office computers
- Install NoScript on your home computers
- Stop using other browsers such as Internet Explorer
Firefox is LLE's default browser and is installed automatically. Do not install Firefox yourself on your work PC. If you can't find it or are having trouble, please contact Computer Support.
VPN users are required to use Firefox with NoScript. All LLE staff are responsible for protecting LLE's intellectual property. If you don't have them, install them now. If you have trouble contact Computer Support for help.
Firefox and NoScript can be downloaded from the following links:
Adding a Printer
To add a printer on your Windows PC:
- Type \\printserv in the Windows 7 run dialog off the start menu (or search).
- When the Window appears, double click on the printer you'd to use.
- Answer in the affirmative to any prompts presented.
For printing help on other platforms:
SecurID Software Tokens
Scan the appropriate QR code below with your smartphone to go directly to the application's page
After the application is installed, contact any member of the Computer Support Group to obtain a software token.