Management Security Advisory


Compromised System

An application has recently been found on one of our servers. It was placed on the system to secretly control this and other machines. Installing this application requires the highest level of privileges, so the system's security was completely compromised.

The foreign application

After analyzing this application, we have learned its purpose and intentions. The application disguises itself on the system and listens for secret network communication. The intruder can send the machine specially formed network packets that the firewall will not stop. These packets are then interpreted by the application. In this way the intruder can secretly communicate with and control the application and the host it resides on.

Defense

The application has been removed from the system, and we are in the process of restoring and securing the compromised machine. Our intrusion detection systems have been updated to identify the secret communication on the network. We have also taken steps to block these network packets at the firewall, which will effectively stop the application from working. The application does not encrypt itself, so the networking staff will shortly be circulating an application for your servers to check for this application's "signature". This application was compiled to work solely on Linux-based systems, but it could likely have slight variants that would run on other UNIX servers. To ensure that all instances of it are properly removed, please contact the networking division if you would like someone to specifically check your UNIX systems.

