On Oct. 14, 10 K-State computers had their network access blocked because they were compromised and were all communicating with the same botnet controller. Most, if not all, of the computers had some relationship to one particular department, and they were communicating with the botnet controller using the instant messaging (IM) protocol used by Windows Live Messenger (also known as Windows Messenger or MSN Messenger).
It appears that one computer was compromised and had malicious software installed on it that automatically sent instant messages to everyone in that person’s MSN Messenger contact/buddy list. These malicious instant messages consisted of “he he :)” and a link to a website. Since the recipients thought the instant message was from a colleague, they trusted it and clicked on the link, which in turn infected their computers.
Lessons learned from this incident:
- Instant messaging is also a channel for malicious attacks that can take control of your computer.
- Do not trust a message or e-mail with a link in it, even if it appears to be from someone you know.
- If your computer gets compromised, you may jeopardize the security of your friends’ and colleagues’ computers.
- Antivirus software cannot stop all attacks; the malicious software used in this attack was a new variant that was not yet identified by K-State’s antivirus software.
Think before you click!