Your ResNet computer has been compromised…

 What does “compromised” mean?

“Compromised” is a nice way of saying that someone or something has maliciously broken into your computer without your knowledge or permission.   It means that you can't trust the integrity of any file (program, document, spreadsheet, image, etc.) on your computer.  You can't find out what's been done to your computer files without an exact “before” copy to compare them with, and you probably won't ever know what's been done with your personal information, including your passwords, or where they've been sent.

 Why should I care?  

If your computer was involved in an Internet Denial-of-Service attack without your knowledge, it probably has robot ("bot") programs installed which intruders can activate at any time.  ("Denial of Service" refers to bringing down a system or network by attacking it.)   Attack programs are usually hidden inside other programs (a “trojan horse”) or in hidden directories, or are disguised with nondescript names. Their install often involves changes to your system that make them very difficult, or impossible to remove. These types of threats to the Internet must be eradicated before you can reconnect to the campus network.

Many "bots" include other programs such as keystroke loggers (everything you type into your keyboard is  sent to a remote site, including passwords, account numbers, web sites, and messages), remote administration tools (for the intruder to login and steal files or launch attacks from your system), or FTP servers (to share copyright software, music, and movies from your machine, at your risk of liability instead of theirs).  You could end up being a victim of identity theft, or you could be sued for copyright infringement.

New viruses and worms use multiple methods to spread, such as through e-mail, file sharing, web site links, or un-patched and unsecured computers. Because most attacks are blended (meaning that the malware used to infect your computer is a combination of either or all of a trojan, virus, worm etc. anti-virus software may or may not be able to detect the presence of such a program, and may not be able to repair it.  To guarantee a safe and secure computer you should have your computer reformatted to resolve the situation. The ITS Help Desk reformats Student computers for free, visit their website for further details and what you should do before dropping off your computer.

Reconnect your computer to the network.

Once your computer has been reformatted, and if the Help Desk has not already done so, you will have to notify the Information Security and Policy Office and let them know that your machine is ready to be tested. Log in and fill out a Port Enable form at https://ispo-apps.its.uiowa.edu/dports/login to have your network connection restored.

After your network is restored, you MUST follow these steps to STAY ON the network without further compromises!! !

  • Activate your firewall, if you have trouble call the ITS Help Desk (319 384-4357) to assist.
  • Make sure all your security and system updates are current for your system.
  • Tighten up the security of your computer. See http://its.uiowa.edu/security.
  • Re-install your programs from their original media (the CD's or disks that you gathered before the computer was reformatted).
  • Visit the ITS Software Download website to get copies of Campus licensed software - available at no cost to you.