Search Information Security site

 

Frequently Asked Questions

The following is a list of frequently asked questions (FAQs) concerning abuse complaints and the way these incidents are processed. If after reading it, you still have a question, email abuse@virginia.edu

What happens after the IT Abuse Team receives a report?

If the incident puts the security of the network and other computing devices at the University at risk, the IT Abuse Team will attempt to notify the responsible party (individual/departmental contact) for the device causing the problem. We try to provide sufficient information, so the recipient of the message can determine which device is being reported along with a step-by step guide for what to do.

Brief guide to dealing with a compromised computer or device

  1. DISCONNECT the computer described from the UVA network (both wired and wireless) and then reply to our email to let IT Abuse team you are working on it.

  2. If you are a UVA employee, SCAN the disconnected computer for highly sensitive data using Identity Finder (available here) If you're a UVa student, skip to Step 4 below.

  3. If highly sensitive data (HSD) is found, STOP, contact us using the Information Security Incident reporting form and await further instructions. Do NOT attempt any clean-up of the malware until we say it's OK.

  4. If no HSD is found, CLEAN up the computer with a malware removal utility, and notify us when the computer is clean and that no highly sensitive data were present.


Failure to reply within 12-24 hours to the email report from UVA IT Abuse will result in the computer (device) being disconnected (blocked) from the UVA network. The IT Abuse team may block a computer (device) from the UVA network immediately -- with no warning -- if the situation warrants it. For example, if a malware infection is severe, or we receive additional reports that the device continues to be a problem, or new reports are received for a computer that's been reported as cleaned up, the IT Abuse team will re-block a computer (device).


If the computer is blocked, when you open a web browser, e.g, Internet Explorer (IE), Chrome, or Firefox, you will be re-directed to the Network Registration Block webpage. All of the computer's Internet traffic is blocked or redirected to this website.

In order to remove the block, first complete the steps above, then return to the Network Registration Block webpage where you can resolve the issue by attesting that no highly sensitive data was found and the computer (device) has been cleaned up.

If no response is received within the indicated time frame, the IT Abuse Team will take steps to prevent the device from continuing to cause problems. The above process varies depending on the ability to locate a contact peron for a problematic device, and the nature of the problem it is causing. The IT Abuse Team may respond to more serious problems by calling the contact for the device or even by putting an immediate block on the device without prior notification.

How do I stop unsolicited email messages?

Many of these messages originate from sites that forge mail headers to disguise the true source. Some of the forged headers implicate sites that have strong responsible computing orientations and have nothing to do with the delivery of the message to you.

Do not reply to the sender or click on any links in these messages. Do not download or open any attachments. Although the University blocks the vast majority of spam messages coming into our servers, some occasionally get through. Deleting them is the most effective way to deal with them.

If either the nature of the message content or the volume of mail you are receiving creates a problem for you, please feel free to contact the IT Abuse Team, so we can look into your specific situation. Please include the message text and the full headers of any one of the messages that concerns you.

Does the University censor individual's web pages?

No, the University does not censor individual's web pages. This community is committed to the Jeffersonian ideals of intellectual inquiry and responsible free speech. The University enforces all applicable state and federal legislation within this context, and expects members of this community to act responsibly with technology resources. Violations of applicable laws are not permitted and may result in disciplinary action, including the loss of access to University IT resources.

Is it possible to catch a computer virus just by reading an email message?

Generally speaking, you cannot catch a computer virus just by reading an email message. You might, however, receive an email containing a link or an attachment.  When you click the link or open the attachment, you may visit a malicious website or unknowingly execute malware, which goes beyond simply reading an email message, and that could infect your computer. In an effort to make mail easier to use, some manufacturers have begun to execute attachments automatically, or to support software, like Java, embedded in mail. If you open the attachment without checking it first with virus protection software, you could infect your computer with the virus.

Why didn't the IT Abuse Team do something about the offensive email I reported?

The IT Abuse Team intervenes when there has been a violation of University technology policies and/or statutes. One of the guiding principles of our community is that individuals are responsible for their actions, including their behavior in cyberspace. Unfortunately, it is not always easy to determine when a violation of University policies has occurred. Sending someone a rude or offensive message, for example, does not automatically constitute an abuse of University information technology resources or statutes. For example, if someone sent the same message in a typed letter, you might have little recourse. If an individual, however, forges this message to make it appear that it is coming from someone other than the true sender, this action would be considered misuse of University resources, and the IT Abuse Team would intervene. It is sometimes a difficult distinction to make. Some communications, while annoying or hurtful, do not necessarily constitute an abuse situation. In situations where the complaint is not a technology abuse issue, members of the IT Abuse Team advise affected individuals about other courses of action available to them.      

Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security Office will evaluate the report and provide a full investigation.

Complete Report Form