Here's a policy question, based on the mail going to people who
have the keylogger trojan installed.
If this isn't already happening, I think it would be an excellent idea
to include the person who is responsible for those machines to be
CC'd on the mail.
I would love to get a notice of any and all machines that I maintain
that have problems. Sending mail to the entity that dhcp registered
the machine, would be great, or to the person listed for static IP
Apologies if this is already being done.
On Tuesday 06 April 2004 06:10 pm, Jeff Goeke-Smith wrote:
> We have been informed of a number of hacked machines on campus.
> These machines have been compromised with a keylogger. Below is the
> message we will be sending out to the registered owners of those
> ----- Forwarded message from MSU Abuse Response <[log in to unmask]>
> From: MSU Abuse Response <[log in to unmask]>
> Subject: [MSU Network Abuse] Your machine infected with KEYSTROKE LOGGER
> To: realname
> This machine has been infected with a "keystroke logger" which is
> capable of stealing all passwords or credit card numbers typed in
> through it. This machine was found to be part of a network of
> compromised machines, so the risk to your personal information
> is VERY HIGH.
> - -----
> We have received one or more reports indicating that a computer under
> your control or associated with your user id is infected with a virus.
> The computer was located in <location> on 03/ /2004
> and is registered via DHCP as follows:
> (replace with DHCP registration info)
> This virus is causing your computer to behave in a disruptive manner,
> either by sending virus-laden e-mail messages, by sending network
> probes, or both. Depending on the virus, it may also allow remote
> access to your computer system, or it may delete files or damage the
> operating system on your computer.
> In order to stop these actions, you need to update your virus software
> and make sure that it eliminates this virus from your system. If you
> need help with this task, you should contact the Computing Service
> Centers, at 432-6200 or "[log in to unmask]". You may also want to consult
> the following web sites for more details:
> You must also ensure that your computer's operating system
> has all the current patches. For Windows computers, Microsoft
> is releasing critical security patches almost every month;
> you need to run Windows Update regularly to install them.
> If we receive further complaints concerning your computer, your network
> access may be disabled for the protection of your computer and others.
> Please respond to "[log in to unmask]" when the problem has been corrected.