On Feb 28, 2002, an unauthorized program was discovered running on a University machine. After investigation, the IT group determined that this unauthorized program was a "remote control", allowing the intruder to control this machine remotely. The program gives the intruder the ability to conduct network attacks on other hosts (through denial of service), as well as access to use the machine as a base of operations for intruding into other computers.
The IT group figured out how the intruder got in, closed that hole, and then uninstalled this "remote control". We estimate the cost to the University in handling this incident at $2132.07, and we've notified state and federal law enforcement about the incident.
We've published a technical advisory so that other system administrators can detect and remove this program. We also recommend a review of the security policies in place at the University.
<<< Previous | Home | Next >>> |
Timestamp Information for Submission | Advisory |