Investigate Findings on Malware
Malware Infection Details
The following are descriptions of compromises by the malware to the Information Technology (IT) systems of Aim Higher College.
Common Points
All compromised systems are running Windows XP or Windows Server 2012 R2.
Compromised systems have been detected connecting to a known botnet Command and Control system.
Network flows show that compromised systems send large amounts of traffic to selected hosts.
The campus antivirus package does not detect the malware on compromised systems; however, when drives are removed and scanned, portions of the malware are detected by specialized anti-malware tools.
The compromises appear to have been occurring for at least two months, with signs that they may have existed up to four months prior to the initial report of compromise.
Summary of compromised Administrative systems
Seven administrative workstations have been compromised.
These workstations include systems belonging to three administrative assistants, one dean, one assistant dean, and two departmental support staff members.
Summary of compromised IT Management systems
Three IT staff workstations belonging to the following roles have been compromised:
Active Directory domain administrator
Desktop support staff member
Project manager
Summary of compromised Faculty systems
Six faculty systems have been compromised, five of which are in the College of Liberal Arts.
Summary of compromised Student systems
The Help Desk reports a high rate of compromise of student systems, and the repair center has handled more than thirty cases this semester.
© 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved.
www.jblearning.com