Recognizing Attacks

If you are concerned that your computer has been compromised, here are some signs to look for. These symptoms may indicate that your computer has been hacked or been infected with malware.

  • A dramatic increase in pop-up advertising even if you do not click on links.
  • System is very slow, unable to connect to network services, or simply non-functional. These symptoms may be indicative of a "denial-of-service" attack (an attack aimed at preventing you from using a certain resource). If you find that you are unable to connect, first check to see if other people are having the same problem. If it is isolated to your system, and you have not been informed that the Tufts network is experiencing issues, then the problem may indeed be the result of a malicious hacker.
  • Unexplained disk activity. Be aware that some systems do disk-related cleanup while the system is idle, so this may be merely system "housekeeping."
  • System appears to be less responsive than expected.
  • Fake antivirus notifications. They may appear as pop-ups telling you that you need to update your protections.
  • Toolbars that show up in browsers. If you didn't put a toolbar there, it may be recording your passwords and other information, or it could redirect you to a fake search tool, so check the URL.
  • Random reboots, which may happen while malware is being installed (or may be caused by a bad power supply).
  • Random error messages
  • Applications (browsers) crashing consistently
  • Passwords for commonly used sites no longer work

If you believe your system has been attacked, consider following these steps:

  • Disconnect the machine from the network. This will prevent an attacker from doing further damage to your system, and from using your system to attack others. To disconnect a desktop machine, simply unplug the ethernet cable, or if the computer uses a wireless connection, either deconfigure the wireless card or physically pull the card out of the socket. If you are not sure how to disconnect from the network, contact your IT Support Provider.
    • Note: Do NOT turn the machine off or reboot unless instructed to do so by Information Security. It is possible that processes left by an attacker may not get restarted after rebooting, which will make it more difficult for Information Security to determine the cause of your problem. Furthermore, other hacks left on the machine may take effect during reboot. Leave your computer powered on and disconnected from the network unless otherwise instructed.
  • Contact your IT Support Provider so they can come evaluate the situation. Be sure to include the machine name, operating system type and version, contact person, and any other information relating to the suspected event.
  • If follow-up is needed, either your FSP or a representative from Information Security will get back to you.
  • To preserve system logs and other data, DO NOT use the machine after it has been disconnected from the network. Await follow-up from your FSP or Information Security.
  • You will receive a response from your FSP or Information Security with further inquiries and instructions regarding your case. Once your system is secure, notification will be sent letting you know that it is safe to reconnect your machine to the network.

Adapted with permission from the MIT Knowledge Base

If you suspect your computer has a virus or malware, do:

  • Disconnect the machine from the network. This will prevent an attacker from doing further damage to your system, and from using your system to attack others. To disconnect your machine, simply unplug the ethernet cable, or if the computer uses a wireless connection, either deconfigure the wireless card or physically pull the card out of the socket. If you are not sure how to disconnect from the network, contact the Technology Support Center.
    • DO NOT turn the machine off or reboot unless instructed to do so by Information Security. It is possible that processes left by an attacker may not get restarted after rebooting, which will make it more difficult for Information Security to determine the cause of your problem. Furthermore, other hacks left on the machine may take effect during reboot. Leave your computer powered on and disconnected from the network unless otherwise instructed.
  • Contact the Technology Support Center or bring your computer to their office located on the Medford campus in Eaton Hall. Be sure to include the machine name, operating system type and version, contact person, and any other information relating to the suspected event.
  • You will receive a response from the Technology Support Center or Information Security with further inquiries and instructions regarding your case. Once your computer is secure, notification will be sent letting you know it is safe to reconnect your machine to the network.

Call: 617-627-3376
Email: it@tufts.edu
Walk-in Hours: Monday - Friday: 9 AM to 5 PM

If you suspect your computer has a virus or malware, DO NOT:

  • Launch a return attack on the suspected source system.
    Incoming attacks often use forged source addresses, so that any repercussions fall to an innocent third party. Denial-of-Service attacks cause damage and inconvenience to innocent parties that share network or system resources with the actual party being attacked.
  • Engage in a verbal/textual "flame war" with the suspected attacker.
    The actual identity of the attacker is often purposefully obscured, and your response may inadvertently target an innocent third party. Due to the possibility of legal ramifications, attacks on the Tufts network are a matter to be dealt with officially by IT staff only.
