• Recent Posts

  • Categories

  • Archives


How to detect malware symptoms

Friday, September 26th, 2014

If your computer starts to behave strangely, you might be experiencing spyware symptoms or have other unwanted software installed on your computer.

Wikipedia defines malware as follows:

“Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. It can appear in the form of executable code, scripts, active content, and other software.’Malware’ is a general term used to refer to a variety of forms of hostile or intrusive software.” []

Here are a few tips on how to detect malicious software:

  • I see pop-up advertisements all the time.
    Some unwanted software will bombard you with pop-up ads that aren’t related to a particular website you’re visiting. These ads are often for adult or other websites you may find objectionable. If you see pop-up ads as soon as you turn on your computer or when you’re not even browsing the web, you might have spyware or other unwanted software on your computer.
  • My settings have changed and I can’t change them back to the way they were.
    Some unwanted software can change your home page or search page settings. Even if you adjust these settings, you might find that they revert back every time you restart your computer.
  • My web browser contains additional components that I don’t remember downloading.
    Spyware and other unwanted software can add toolbars to your web browser that you don’t want or need. Even if you remove these toolbars, they might return each time you restart your computer.
  • My computer seems sluggish.
    Spyware and other unwanted software are not designed to be efficient. The resources these programs use to track your activities and deliver advertisements can slow down your computer and errors in the software can make your computer crash. If you notice a sudden increase in the number of times a certain program crashes, or if your computer is slower than normal at performing routine tasks, you may have spyware or other unwanted software on your machine.

If you suspect your PC has been infected with malware, contact our service desk at x4367 or log a call on the HEAT CALL LOGGING SYSTEM


Attack of the trojans, bots & zombies

Friday, August 30th, 2013
Once of the most common questions we are asked by users is: How do these spammers get my e-mail address? Previously we looked at Rumpelstiltskin attacks and this week we will focus on the second of the methods –  by using Trojan Horses, Bots and Zombies. Now, thet may sound like something from a movie, but they do pose quite a serious threat to you as e-mail user.

Let us use a familiar example. You regularly exchange emails with your elderly mother who has a computer. Your mother uses Outlook or Thunderbird and has dozens of emails from you in her inbox. She even added you to her address book. She also has lots of emails from a distant family member – cousin Johan from Australia. You haven’t stayed in touch with Johan that closely over the years, but you definitely know who he is.

Last year, just before the Christmas, Johan downloaded and installed this really pretty Christmas screensaver that showed tranquil tree and candle scenes when he wasn’t using the computer. What he didn’t know was that the screen saver had a sinister hidden payload. While the candles flickered peacefully on his screen, the software went to work combing through his emails and address book, his browser’s cache of past webmail sessions and other files, storing every email address it would find in a separate list.

Then it sent the entire list to a server in Russia, where a criminal combined it with other such submissions to build the ultimate monster spam list that can be sold and resold over and over again.

But as if that wasn’t enough, when the “screensaver” sent the address list to Russia, it received some content in return – messages to be sent to all of Johan’s contacts. Then, unbeknownst to John, his computer started creating hundreds of emails randomly using the harvested email addresses in the To: and From: field along with the content from the Russian server and sent them out using Johan’s Internet connection. One of them used your mother’s email address as sender and yours as recipient.

Now you received some spam from your mother asking you to buy fake watches and you’re ready to speak to her telling her to stop. Well, don’t. Your mother has obviously nothing to do with the whole thing and you’ll never find out that it was actually Johan’s computer.

You just had a look into the really nasty underworld of the Internet where botmasters (the guy in Russia) control botnets (infected computers that all report to the same server) of remote-controlled zombies (Johan’s computer) that were compromised using trojan horses (the screensaver) or similar malware.

And it doesn’t even end there. The botmaster typically doesn’t spam for his own account but hires out his botnet to whoever pays the most. The equally shady factory in China wanting to sell more fake Rolexes can now hire the botmaster to blast their offers all over the internet. The guy in Russia doesn’t even care if you open or click on that email from your mother, he gets paid either way. And when he’s done with the watches, he’ll inform his entire mailing list that they all won the lottery and can pick up the prize if only they pay a small “transfer fee” up front. And after that, he’ll mail a Paypal phish for yet another “client”. And for good measure, he’ll sell his entire email address database, incl. yours, to a friend who is in the same line of “business”.

In other words, once your email address got picked up by a botnet, Pandora’s Box is wide open. The whole scheme is particularly wicked because now you have to depend on others to keep your address safe. Unfortunately, there is little you can do:

  • First of all, do your own share: NEVER open email attachments that you didn’t ask for, even if they appear to come from good friends like Johan. If you’re still curious, ask Johan or your mother first if they really sent it.
  • NEVER download anything where you can’t in­de­pend­ent­ly verify it’s safe. With“independently verify” I mean you can read about it in forums, blogs, news sites, your local “computer geek” etc. Facebook fan pages, even with 1000s of “fans”, do NOT count, they are way too easy to manipulate and are usually full of misinformation!
  • NEVER get fooled by fake “security scans” (they’re quite the opposite!) or“video codec updates” to see that funny kitten clip. If you think you need a new Flash player, type in by hand and update from there. If afterwards the site still says you need an “update” get out of there as fast as you can.
  • Then educate your friends and family about the same. Explain how trojans work. Send them a link to this blog page!
  • You can try having multiple private email addresses. Keep a super-private one, only for family and very few of your closest friends.  Use your university address for everyone you work with and don’t use this for private mail – EVER!  Get a semi-private one for your wider social circle. The latter two do get some spam, although it’s still manageable. GMail has a very good “spam filter”, and blacklisting spammers is very easy!



(Afrikaans) Nuwe e-pos “malware” veroorsaak verwarring op kampus

Tuesday, January 15th, 2013

Sommige gebruikers ontvang sedert gister `n e-pos wat aandui dat jou e-pos posbus sy limiet bereik het en waarsku dat jou toegang tot sy e-pos afgesny gaan word indien dit nie onmiddellik geaktiveer word deur op `n skakel te kliek nie. Soos met alle ander weergawes van hierdie tipe “malware” e-posse, moet onder geen omstandighede op die skakel kliek nie. As jy met die muis oor die skakel beweeg, sal dit `n onbekende adres wys wat nie verband hou met die e-pos se onderwerp nie. In sommige gevalle sal dit voorkom of die e-pos deur iemand gestuur is wat jy ken, maar onthou dat die “malware” `n gebruiker se posbus infiltreer en aan sy kontakte gestuur kan word. Onder is `n voorbeeld van so `n e-pos.

From: Abrahams, B, Mnr <…> Sent: 14 January 2013 19:51 Subject: Your Mailbox Has It Storage Limit Your Mailbox Has Exceeded It Storage Limit As Set By Your Administrator, And You Will Not Be Able To Receive New Mails Until You Re-Validate It. To Re-Validate – >Click Here: Thanks, System Administrator.

New malware warning

Tuesday, December 4th, 2012

Please take note that a new malware threat has emerged on campus. Some users have reported the following:

A pop up will appear on your screen (see below) prompting you to update your Antivirus package due to a threat (in this case a trojan). However, this notification in itself is a malware application. If you click on the option to update, it will install itself on your pc. Under no circumstances should you click on the button.

Close the pop up screen immediately and if you’re worried that your pc is infected, contact the IT helpdesk. Read more on

Vaccinate your pc

Friday, November 9th, 2012

Every year you have to go to your doctor to get an anti-flu injection. You have to get one every year because the influenza virus mutates and adapts every year into a new strain. Computer viruses are exactly the same! Here are a few handy tips and hints to ensure the whole process is as painless as possible. But first things first –

  • Use an AntiVirus Software – It is very important that your computer has an antivirus software running on your machine. By having an antivirus program running, files and emails will be scanned as you use them, download them, or open them. If a virus is found in one of the items you are about to use, the antivirus program will stop you from being able to run that program and therefore infect yourself.

See this link for a listing of some online/stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software –  There is no point running an antivirus program if you do not make sure it has all the latest updates available to it. If you do not update the software, it will not know about any new viruses, trojans, worms, etc that have been released into the wild since you installed the program. Then if a new infection appears in your computer, the antivirus program will not know that it is bad, and not alert you when you run it and become infected. Therefore it is imperative that you update your Antivirus software at least once a week (Even more if you wish) so that you are protected from all the latest threats. If you are lucky then you will have an anti-virus product that will update itself automatically via the internet, but never blindly trust this. A large number of the more virulent viruses and trojans can deactivate your anti-virus software’s updating functions.
  • Install an Anti-Spyware Program – Just as you installed and use an antivirus program, it is essential these days to use a Spyware protection and removal program. These programs can be used to scan your computer for spyware, dialers, browser hijackers, and other programs that are malicious in nature. The 4 program that I recommend are SuperAnti-SpywareSpybot – Search and Destroy, andLavasoft’s Ad-Aware, and Windows Defender.A tutorial on using some of these programs can be found below:

Using Spybot – Search & Destroy to remove Spyware , Malware, and Hijackers

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Commercial Spyware Removal/Protection Programs – If you feel more comfortable installing a commercial Spyware removal program then I recommend WebRoot’s Spysweeper or Lavasoft’s Ad-Aware Professional. Both are fair products and a worthy addition to the arsenal of software protecting your computer.

Spysweeper Product Information

  • Occasionally Run Online Virus Scans – Unfortunately not all antivirus programs are created equal. Each program may find infections that other antivirus programs do not and vice-versa. It is therefore recommended that you occasionally run some free online antivirus scanners to make sure that you are not infected with items that your particular antivirus program does not know how to find. Three online scanners that we recommend are:

Every once in a while, maybe once every 2 weeks, run one or both of these scanners to see if they find anything that may have been missed by your locally installed antivirus software. Believe me, you will not regret it!


For regular updates on the latest spam, malware and ransomware threats, please check or blog regularly.


© 2013-2018 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.