NAG told us clearly that we need to give a "heads up" whenever
we do a mass mailing to end users, so that computer support people
would not be caught unaware.   Hence the note about the key logger...

As for this mailing, I think it IS going to the address of the person
whom the DHCP registration shows is the owner.  I'm not sure we have
a database that also shows "the entity" that is responsible as well.
I think you really mean the computer support person for that entity;
mailing the chair of the department or college might lead to even more
confusion. In many cases the computer might already be registered to
the computer support person in question, so s/he IS the one who receives
the e-mail.

In any event, I think it's going to be hard to give a heads up to
NAG before we send out a mailing, AND send a mail to the affected
end users while simultaneously mailing their respective computer
support staff...

Maybe this is something to discuss at a face to face NAG meeting?

In this case, as I understand it, there are only a few affected
users, and most are in dorms.  Let's hope this key logging incident
doesn't expand to involve more end users and their NAG support folks.


>Here's a policy question, based on the mail going to people who
>have the keylogger trojan installed.
>If this isn't already happening, I think it would be an excellent idea
>to include the person who is responsible for those machines to be
>CC'd on the mail.
>I would love to get a notice of any and all machines that I maintain
>that  have problems.  Sending mail to the entity that dhcp registered
>the machine, would be great, or to the person listed for static IP
>address machines.
>Apologies if this is already being done.
>--STeve Andre'
>Political Science
>On Tuesday 06 April 2004 06:10 pm, Jeff Goeke-Smith wrote:
>> We have been informed of a number of hacked machines on campus.
>> These machines have been compromised with a keylogger.  Below is the
>> message we will be sending out to the registered owners of those
>> machines.
>> ----- Forwarded message from MSU Abuse Response <[log in to unmask]>
>> -----
>> From: MSU Abuse Response <[log in to unmask]>
>> Subject: [MSU Network Abuse] Your machine infected with KEYSTROKE LOGGER
>> To:  realname
>> This machine has been infected with a "keystroke logger" which is
>> capable of stealing all passwords or credit card numbers typed in
>> through it.   This machine was found to be part of a network of
>> compromised machines, so the risk to your personal information
>> is VERY HIGH.
>> - -----
>> We have received one or more reports indicating that a computer under
>> your control or associated with your user id is infected with a virus.
>> The computer was located in <location>              on 03/  /2004
>> and is registered via DHCP as follows:
>>   (replace with DHCP registration info)
>> This virus is causing your computer to behave in a disruptive manner,
>> either by sending virus-laden e-mail messages, by sending network
>> probes, or both.  Depending on the virus, it may also allow remote
>> access to your computer system, or it may delete files or damage the
>> operating system on your computer.
>> In order to stop these actions, you need to update your virus software
>> and make sure that it eliminates this virus from your system.  If you
>> need help with this task, you should contact the Computing Service
>> Centers, at 432-6200 or "[log in to unmask]".  You may also want to consult
>> the following web sites for more details:
>> You must also ensure that your computer's operating system
>> has all the current patches.  For Windows computers, Microsoft
>> is releasing critical security patches almost every month;
>> you need to run Windows Update regularly to install them.
>> If we receive further complaints concerning your computer, your network
>> access may be disabled for the protection of your computer and others.
>> Please respond to "[log in to unmask]" when the problem has been corrected.