On Oct. 14, 10 K-State computers had their network access blocked because they were compromised and all talking to the same botnet controller. Most if not all the computers had some relationship to one particular department and they were communicating with the botnet controller using the instant messaging (IM) protocol used by Windows Live Messenger (also known as Windows Messenger or MSN Messenger).
It appears that one computer was compromised and had malicious software installed on it that automatically sent instant messages to everyone in that person’s MSN Messenger contact/buddy list. These malicious instant messages consisted of “he he :)” and a link to a website. Since the recipients thought the instant message was from a colleague, they trusted it and clicked on the link, which in turn infected their computer.