Loyola University Chicago

- Navigation -

Loyola University Chicago

University Information Security Office

Click Carefully

Many of the current computer viruses require that the user take some sort of action to infect themselves. This typically takes the form of clicking on a link or an attachment. Phishing attacks also often require the user to click on a link, tricking the user into believing that they are going to a secure, legitimate site when in reality they are going to a site controlled by the phisher. Therefore, it is extremely important that you only click on files and links that you trust. The difficult task is figuring out what should be trusted. Fortunately, we have a number of tips that can help you.   

Attachments in email
One of the most common ways to spread trojan horse viruses is to send them via email. The email attachment will pretend to be something that you might want to open, such as pictures of a celebrity, a collection of pornographic pictures, a greeting card, a game, or any number of other disguises. Often, viruses will use email addresses that they have found on an infected computer to populate the "from" line of an email, so it may look like the message was sent by someone that you know.

Method #1 - Reply back to the sender
This is one of the easiest methods. Simply send a note back to the sender asking them if they sent you any files recently. If they didn't, you know that you should delete the message without opening the attachment. This doesn't necessarily mean that their computer is infected, as your email address and their email address could have been pulled from the computer of someone you both know who is infected. If they did send you the message, that does not mean that it is not infected, but it does provide a small amount of trust.

Method #2 - Scan with your antivirus software
Instead of opening the attachment within your email program, choose to save the file to your desktop. Most antivirus programs allow you to easily scan files by right-clicking on them and selecting an option along the lines of "Scan for viruses" or "Scan with antivirus program". If the attachment contains a virus, delete the file and delete the message. If it does not, that once again does not mean that it is not infected, but that once again provides a small amount of trust.

Method #3 - Send the file to a free scanning service
There are sites on the Internet such as the online malware scan [link outside of LUC.edu] and Virustotal [link outside of LUC.edu] that will allow you to upload suspicious files for free, them scan them with multiple antivirus products. This is very effective at catching new viruses and virus variants. If either of the scanners detect a virus within the file, delete the file and the email. While this also does not provide 100% certainty that a file is not infected, it is the best method of the three.

Used in concert, these three items will greatly decrease the chance that you will infect yourself with a virus received through email.   

Links in email
Another item to worry about in email are links. It is very easy to disguise a link to make it appear like it is sending you one place, while it is actually sending you to another place. A quick example of that is this link, which points to http://www.luc.edu, right?

That example was a bit contrived, as you can clearly see in your browser bar that you are at www.lumc.edu. But there are a number of techniques that can be used to disguise this. The most effective is to perform what is known as a man-in-the-middle attack. In this case, the attacker configures a web site to receive traffic at address A, and automatically send it to address B. It then takes the response from address B and sends that to the user's browser. In this case, the user would see address B exactly as it appears, but would be sending all of their information, which might include passwords and account numbers, to both address A (which is the attacker) and address B (which is the legitimate site).

So what should you do if you receive a link in email?
The easiest thing to do if you receive a link in the email is to copy and paste it, instead of clicking it. Try it with the http://www.luc.edu example above. Just select the text, then copy it and paste it into a browser window. You will see the correct www.luc.edu page. There are a few attacks that will still work in spite of this step, but they require additional compromises of either your HOSTS file or the DNS server you are connecting to. This will protect you from the vast majority of these attacks, which are most commonly associated with phishing attacks that are attempting to steal your banking account numbers and passwords or information to attempt to steal your identity.   

Links in instant messaging
Another item to worry about are links that you receive through an instant messenging client, such as MSN Messenger, AIM, or Yahoo Messenger. If the link comes from someone who is not on your buddy list, you should be suspicious. It is a good practice to never follow a link that you receive from someone that you don't know. If the link comes from someone who is on your buddy list, ask them a question about it, such as "What's this?" A number of current viruses will send out a link to everyone on the buddy lists of the infected person to automatically download a copy of the virus to all of those people. By simply asking "What's this?", your buddy will either tell you where the link goes, or they will know that they may have a virus on their system and should install an antivirus program.

Loyola

Information Technology Services
1032 W. Sheridan Ave. · Chicago, IL 60660 · 773.508-7373
DataSecurity@luc.edu

Notice of Non-discriminatory Policy