Unauthorized keystroke logging - US Secret Service Request

CHFA|TECH has verified our servers that could be effected by this are clean. Steps are being taken to verify public stations are clean also.

Below is an e-mail sent to the University Technology community form Garry Bozylinsky of UNI ITS:

The US Secret Service has the responsibility to conduct Federal
investigations that focus primarily on offenses against the laws of the
United States relating to government securities, credit and debit card
fraud, false identification crimes, fraudulent schemes and other
organized crime that impacts access to computer and telecommunications
systems.

During a recent investigation the Secret Service identified an
individual who installed commercially available computer system
administration tools on campus terminals in public areas. These
installations were accomplished through physical access to a removable
data storage drive however, the same executable files could be delivered
as an email attachment. The programs consisted of key stroke logging
programs and remote administration tools.

The US Secret Service is requesting that Chief Information Officers
ensure that their system administrators and/or system security personnel
review existing networks for the following files or programs: "Starr
Commander Pro", "STARRCMD.EXE", "RADMIN", and "ISPYNOW." The software
has been found in the route path of "C:\WINNT\SYSTEM32\KREC32", but may
be found in other areas of a network.


Information posted by Chris Conklin, 6/20/2002 8:58:56 AM.