Iowa State University

ITInformation Technology

Security Update: Windows 2000 Systems Compromised on Campus

This news item expired September 9, 2005. It may contain out-of-date information.
To date, almost a hundred Windows 2000 computers/servers on campus have been compromised. Information Technology Services (ITS) Security has disconnected the machines from the Iowa State network and is investigating the situation. We have attempted to contact the individual machine owner or notify the relevant support staff.

Hackers are using the compromised systems to run their own file servers, a backdoor (remote control program), and other hacker programs. The file server and hacker tools are shielded from detection by a rootkit, which prevents detection of the hacker tools.

The nature of this sort of compromise generates other security concerns. In this case, the hacker has complete access to the affected computers and to information kept on the computers.

If you suspect your computer or server may have been compromised or hacked, contact ITS Security immediately via the online form at http://www.it.iastate.edu/incident.html. They can help you analyze the situation and take appropriate steps.

If you have questions about keeping your computers and information secure, contact the Solution Center at 515-294-4000.

Check the IT website at http://www.it.iastate.edu/ for any updates.

For more information on the vulnerability, see:
http://www.microsoft.com/technet/security/bulletin/MS05-039.mspx