Computer Compromises

What does “compromised” mean?

“Compromised” is a nice way of saying that someone or something has maliciously broken into your computer without your knowledge or permission. It means that you cannot trust the integrity of any file on your computer (including program files, image files, operating system files, etc.). You cannot find out what has been done to your files without an exact “before the compromise” copy to compare them against, and you probably will never know what has been done with your personal information, including your passwords, or where that information has been sent.
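The “before the compromise” copy the paragraph refers to does not have to be a full copy of every file: a manifest of cryptographic digests taken while the machine is known-good is enough to tell which files were later modified, added, or removed. The following is an added example (not code from the original page or from UNC-Chapel Hill ITS) that builds such a baseline with SHA-256, stores it as JSON, and diffs a later snapshot against it. The directory tree, file contents, and the simulated tampering in demo() are constructed for illustration.

```python
"""Baseline-and-compare file integrity check (added example, not part of the page).

Snapshot a directory tree into a manifest of SHA-256 digests while the
machine is trusted, then compare a later snapshot against it. Without the
earlier manifest there is nothing to compare against, which is why a
post-compromise inspection alone cannot tell you what was changed.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def hash_file(path, chunk_size=1 << 20):
    """SHA-256 hex digest of a file, read in chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map every regular file under root (relative POSIX path) to its SHA-256 digest.

    Symlinks are skipped so a planted link cannot point the hash at a file
    outside the tree being measured."""
    root = Path(root)
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic traversal order
        for name in sorted(filenames):
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            manifest[p.relative_to(root).as_posix()] = hash_file(p)
    return manifest


def save_manifest(manifest, out_path):
    """Write the manifest as JSON. In practice keep this copy off the machine
    (read-only media or another host): a manifest the intruder can rewrite proves nothing."""
    with open(out_path, "w") as f:
        json.dump(manifest, f, indent=2, sort_keys=True)


def load_manifest(path):
    with open(path) as f:
        return json.load(f)


def compare_manifests(before, after):
    """Return sorted lists of paths that were modified, added, or removed since the baseline."""
    before_keys, after_keys = set(before), set(after)
    return {
        "modified": sorted(p for p in before_keys & after_keys if before[p] != after[p]),
        "added": sorted(after_keys - before_keys),
        "removed": sorted(before_keys - after_keys),
    }


def demo():
    """Constructed demonstration: build a tiny tree, take a baseline, then simulate a
    compromise (program binary trojaned, bot dropped, log wiped) and diff against it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "tree"
        baseline_path = Path(tmp) / "baseline.json"
        (root / "bin").mkdir(parents=True)
        (root / "log").mkdir()
        (root / "bin" / "ssh").write_bytes(b"original ssh binary")      # constructed
        (root / "log" / "auth.log").write_text("login ok\n")             # constructed
        (root / "notes.txt").write_text("my notes\n")                    # constructed

        save_manifest(build_manifest(root), baseline_path)               # "before" snapshot

        # Simulated compromise: trojaned binary, dropped bot, wiped log; notes.txt untouched.
        (root / "bin" / "ssh").write_bytes(b"original ssh binary" + b"\x00backdoor")
        (root / "bin" / "bot.exe").write_bytes(b"MZ\x90\x00")
        (root / "log" / "auth.log").unlink()

        return compare_manifests(load_manifest(baseline_path), build_manifest(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The comparison only proves anything if the baseline was taken while the system was still trustworthy and has been stored where the intruder cannot alter it; a manifest regenerated after the break-in simply records the tampered state as normal.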

Why should I care?

To begin with, if your personal computer has been compromised and the compromise is detected, your computer will be denied access to the UNC-Chapel Hill network until the compromise has been resolved. Most often, this means re-imaging your computer. Compromised computers pose a threat to the other computers on the network because they facilitate the spread of viruses and other malware. Most importantly, a compromise of your computer can also pose a threat to you, because it increases the chances of ID theft or of your being held liable for copyright infringement.

If your computer was involved in a Distributed Denial-of-Service (DDoS) attack without your knowledge, it probably has robot (“bot”) programs installed which intruders can activate at any time. A DDoS attack brings down a system or network by attacking it simultaneously from a large number of compromised systems. Many bots are bundled with trojans, keyloggers (everything you type into your computer, including passwords and bank account numbers, is sent to a remote computer), and warez servers (which share copyrighted software, music, and movies from your machine, leaving you liable instead of the intruder).

New viruses and worms use multiple methods to spread, such as e-mail, file sharing, web site links, unpatched and unsecured computers, and increasingly web-based or multimedia applications such as Apple’s QuickTime, Windows Media Player, and Adobe’s Flash Player. Anti-virus software may or may not detect such malware, and may not be able to remove it. Whether remediation succeeds often depends on whether any operating system files have been altered.

If your computer was not used in an attack, you may have the option of removing the files or programs associated with the compromise. For simple virus infections, removing the dangerous files or software may be enough to clean the computer. A “system compromise” requires a more complex procedure, because merely removing files and software is not sufficient; in that situation the disk drive will have to be reformatted. The ITS Response Center can advise you on the degree of the compromise and the resulting infection. If reformatting is required, back up all files that were not involved in the compromise first, because reformatting completely erases the disk. Back up data files (documents, photos, and the like) rather than programs, since any executable on a compromised machine may itself have been altered. Again, the ITS Response Center staff can assist you with backing up your data and with loaner computers, if any are available.

How to minimize the risk of a future compromise

To minimize the risk of future compromise, follow these guidelines:

Be sure that any built-in firewall which came with your operating system is turned on. If your operating system did not come with a firewall, consider using an add-on personal firewall, such as ZoneAlarm from Zonelabs.

Ensure that all current security updates are installed for your computer, including antivirus programs and software patches (available from websites such as Updates for Windows).

Minimize downloads of software from sites not supported by UNC-Chapel Hill, or download only from the sites of companies you trust.