The enemy within

Published Aug. 12, 2008
By 52nd Fighter Wing Information Assurance Office

SPANGDAHLEM AIR BASE, Germany -- Your computer starts to run a little weird; you notice the drive light blinking when you aren't doing anything and the system seems a little slow. In the middle of writing an important document for work, your system suddenly reboots for no reason. At first you may shrug it off, but then you notice a strange program in your "start" menu. There is a possibility your system has been infected with a virus or maybe even hacked.

Had you been exposed to a massive dose of gamma radiation you might turn green and burst out of your clothes at this point, setting off destroying everything in your path until you found the perpetrators and made them pay. Since the average person can't turn into The Incredible Hulk, you'll have to settle for the help and support provided by your friendly neighborhood 52nd FW Information Assurance office. The most important thing you can do is to act quickly and decisively to stop any ongoing infections and/or intrusions. You must determine the extent of the damage caused and secure and protect your system.

Unfortunately, if you did not prepare in advance for such an incident, you are probably finding out at this point than your Information Systems Security Officer may have been on to something when he or she asked you to update your antivirus software and make sure that all applicable security patches were installed and up-to-date to eliminate those pesky vulnerabilities. So what do you do now?

If you think you may have been infected with a virus you need to decide your course of action immediately. Your initial reaction should be to disconnect your computer from the network. Simply disconnect the network cable from the back of your system. This will prevent your infected system from possibly infecting other computers on the network. Next you need to contact your ISSO or System Administrator for assistance.

At this point the responsibility of recovery will shift to the ISSO or SA. You should feel confident that you have done the right thing. These experts are fully trained to handle any malicious logic incident, and protect your system using the most up-to-date antivirus software available.

New viruses are discovered almost daily and most antivirus software vendors release updates at least weekly to protect against new threats. It is your responsibility to make sure the most up-to-date antivirus signature files are on your system. Remember that one of the easiest things you can do daily to protect yourself against viruses is to just use a little bit of common sense. If you were downtown shopping and a stranger handed you a suspicious looking package chances are you wouldn't open it. This is exactly what you are doing anytime you open an e-mail or attachment from an unknown or un-trusted source.

A red flag should go up anytime somebody you don't know sends you an e-mail with something really interesting to look at, like the new Britney Spears video. Chances are that it's infected with a virus that could potentially bring our network to a crashing halt.

Think of your computer as a doorway to our network. If you are handing the key to that doorway to anyone who comes snooping around, you are inviting the bad guys over and asking them to do us harm.

Use the same caution when browsing the web. An easy way to tell if a link is unsafe to follow is by hovering over the hyperlink with your mouse. If the link that the mouse shows is different from the link the e-mail is showing, it's a good indication that the e-mail is a phishing scheme.

You may think it's OK to download "free" software off the Internet, but this software usually comes with a price. You might get more than you wanted. Free programs, such as chat software and games, often cause security problems for your system and the network. They can infect your computer with viruses, or even open security holes in the base firewall that can potentially allow unauthorized users access to the base internal network.

Consult your ISSO or SA and applicable AFI before placing any software on a government owned computer. Most people think the primary threat from viruses and other malicious software comes from the Internet or e-mail -- this is not true. Your new music player or digital picture frame hold more than music or pictures of loved ones. A recent study showed that popular high-tech devices sold at some major retailers came preinstalled with viruses. There appears to be no malicious intent by the manufacturers, but rather sloppy quality control on their part. CNN released a news article earlier this year regarding this issue.

Contact your ISSO or SA immediately if you notice anything suspicious on your system.

Finally you know how to keep viruses and malicious software out, let's talk about keeping your files backed up. Our friendly neighborhood administrators automatically back up what's stored on the file servers (or "shared drive"), but what about the files you have saved on your desktop or in your My Documents folder? Those are not backed up, so remember to periodically back up important files saved on your computer, especially personal folders that you have set up for your e-mail, onto a blank CD or DVD ROM.

Otherwise, you might lose all that information that you worked those late nights to procure!