Educause Security Discussion mailing list archives
<SPAM> Re: user account compromise?
From: Stephen John Smoogen <smooge () UNM EDU>
Date: Thu, 24 Apr 2008 15:00:29 -0600
Barros, Jacob wrote:
Ken and all. That was it. He did reply to one of those phishing scams. No more than 12 hours before the SPAM was launched. Any non-internal legal advice would be appreciated.
I won't even try to give 'legal' advice as I am not a lawyer and do not know anything about the laws in your state, region, etc etc. The two big things I would do is log all time being used for this event, and if you are not trained in forensics find someone who is before touching any of the machines to see whats going on. [If thats already too late, then I would stick with logging all time and actions done by administrators and users.] After the cleanup is done, do a post-mortem with your staff, your management and university legal to go over how much this cost the university, the amount of downtime due to mail not being accepted, etc. From this management and legal can come up with a better idea of what should be done (if in the future we were to spend X hours making sure users are educated, we wont spend Y hours dealing with this.. but may only spend Z time.) -- Stephen Smoogen -- ITS/Linux Administrator MSC02 1520 1 University of New Mexico Albuquerque, NM 87131-0001 Phone: (505) 277-8219 Email: smooge () unm edu How far that little candle throws his beams! So shines a good deed in a naughty world. = Shakespeare. "The Merchant of Venice"
Current thread:
- <SPAM> Re: user account compromise? Stephen John Smoogen (Apr 24)
- <Possible follow-ups>
- <SPAM> Re: user account compromise? Cal Frye (Apr 24)
- Re: <SPAM> Re: user account compromise? Dick Jacobson (Apr 24)
- Re: <SPAM> Re: user account compromise? Stephen John Smoogen (Apr 24)
- <SPAM> RE: user account compromise? Jenkins, Matthew (Apr 24)
- <SPAM> Re: user account compromise? Paul Russell (Apr 24)