Management Security Advisory
Compromised System
An application has recently been found on one of our servers. This application
has been placed on the system to secretly control this and other machines.
Installing this application requires the highest-level privileges, so the
system's security was completely compromised.
The foreign application
After analyzing this application, we have learned of its purpose and
intentions. This application disguises itself on the system and listens
for secret network communication. The intruder can send the machine specially
formed network packets that the firewall will not stop. These packets are
then interpreted by the application. The intruder can effectively and secretly
communicate with and control this application and the host it resides on.
Defense
The application has been removed from the system and we are in the process of
restoring and securing the compromised machine. Our Intrusion Detection
systems have been updated to identify the secret communication on the network.
We have also taken steps to block these network packets at the firewall.
This will effectively stop this application from working. The application
does not encrypt itself, so the networking staff will shortly be circulating
an application for your servers to check for this application's "signature".
This application was compiled to work solely on Linux-based systems, but
it could likely have slight variants that would run on other UNIX servers.
To ensure that all instances of it are properly removed, please contact the
networking division if you would like someone to specifically check your UNIX
systems.