Time and time again, we see PCs and laptops being infected at CERN. While a local anti-virus software solution should provide you with basic protection, no anti-virus software will ever be able to detect all threats in a timely manner, nor will it be able to clean up an infection completely. If the anti-virus software doesn't manage to quarantine the infection immediately, reinstall your infected PC or laptop as soon as possible and change all your passwords afterwards to be on the safe side!
There are a multitude of ways in which your PC can become infected: lack of vigilance when browsing the web (remember: “Stop – Think – Don’t Click”?) and consequently arriving at a malicious website; installing software and plugins from dubious locations with unknown side-effects; infected USB sticks making their way into your PC/laptop; opening e-mail attachments with dodgy content… Once you have fallen into such a trap, the infection will nest itself deeply in your Windows/Mac/Linux operating system. It will try to remain silent. It will start to do its thing: stealing data, sniffing passwords, capturing your network traffic, taking snapshots of your desktop, encrypting your hard disk (and subsequently blackmailing you), attacking others, providing a platform for hosting pornographic images or illegal content… and so on.
Anti-virus software is supposed to provide you with a first line of defence. By analysing activity on your computer, it should be able to quarantine malicious actions before they are executed. It should keep malicious behaviour at bay. But not all malicious actions and behaviour are known before they hit: anti-virus software must be provided with up-to-date signatures to spot them. This update process takes time; your computer might be infected before the anti-virus software has a chance to step in. Therefore, we continue to rely on your personal vigilance and common sense. Beware!
Once your computer is infected and the anti-virus cannot quarantine and contain the infection, all is lost! This is the moment when the infection is deeply hidden and nested in your operating system. Game over for your computer and your passwords. This is also the moment when you should strongly consider reinstalling your computer from scratch. If our detection mechanisms flag your computer as infected, we will definitely ask for reinstallation and take your computer off the CERN network until it’s done. Also, we strongly recommend that you change all your locally stored passwords and any password typed recently on that computer, since the infection might have sniffed them out. Similarly, credit cards whose numbers were entered on that computer should be closely monitored. Maybe the infection also took your credit card information? Another good argument to be paranoid (if your money matters to you). Thus, hardball in the event of an infection is – unfortunately – necessary…
For further information, questions or help, check our website or contact us at Computer.Security@cern.ch.
Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report.
Stefan Lueders, Computer Security team