Security Incidents mailing list archives

compromised machine at ASU


From: fred anger <anger () RIGHTARM ORG>
Date: Sat, 16 Sep 2000 10:09:04 -0700

Greetings.  I run an OpenBSD machine that provides mail and shell access
to a few of my friends via secure shell.  No telnet nor ftp.  Some users
use imap to check mail, but their logins are disabled.  Anyway, yesterday,
a friend ssh'ed in from a machine at Arizona State University -
general3.asu.edu - checked her email and logged out.  Two minutes later,
another ssh connection from general3.asu.edu was logged, as well as
another login to her account.  I probably wouldn't have noticed, but sudo
sent me a message noting that the user tried to use sudo (I don't have a
sudoers file).  This friend has no idea what sudo is or does, and she's
positive she did not log in twice within 2 minutes yesterday, so I'm
guessing the ssh client on general3.asu.edu has been trojaned and is
logging passwords, and that the 2nd connection was a cracker who owns (at
least) general3.asu.edu.

I have no idea who to contact at ASU regarding this, so if anyone has any
ideas, please let me know.  Thanks.

-fa
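Added example, not part of the original post: a small log check for the two signals the post describes, a second accepted login for the same user from the same host within a short window, and a sudo attempt refused because the user is not in sudoers. The hostname is taken from the post; the username, timestamps, year and the syslog layout of OpenSSH and sudo are assumptions, and the log lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample syslog lines modelled on the incident in the post.
# The hostname general3.asu.edu comes from the post; everything else is made up.
SAMPLE_LOG = """\
Sep 15 14:02:11 mailhost sshd[1201]: Accepted password for alice from general3.asu.edu port 1022 ssh2
Sep 15 14:03:40 mailhost sshd[1201]: Closed connection from general3.asu.edu
Sep 15 14:05:02 mailhost sshd[1233]: Accepted password for alice from general3.asu.edu port 1031 ssh2
Sep 15 14:06:15 mailhost sudo:    alice : user NOT in sudoers ; TTY=ttyp1 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/sh
Sep 15 18:30:00 mailhost sshd[1300]: Accepted password for bob from example.net port 2001 ssh2
"""

TS = r"(\w{3}\s+\d+ \d\d:\d\d:\d\d)"
LOGIN_RE = re.compile(TS + r" \S+ sshd\[\d+\]: Accepted \w+ for (\S+) from (\S+)")
SUDO_RE = re.compile(TS + r" \S+ sudo:\s+(\S+) : (user NOT in sudoers|command not allowed)")

def parse_ts(ts, year=2000):
    # syslog stamps carry no year; the post is dated September 2000 (assumed year).
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")

def find_suspicious(log_text, window_minutes=5):
    """Return (kind, user, host, when) tuples for two signals:
    'repeat-login'  - same user accepted again from the same host within the window
    'sudo-refused'  - sudo rejected the user (not in sudoers / command not allowed)"""
    window = timedelta(minutes=window_minutes)
    alerts = []
    last_login = {}  # (user, host) -> time of the most recent accepted login
    for line in log_text.splitlines():
        m = LOGIN_RE.match(line)
        if m:
            when, user, host = parse_ts(m.group(1)), m.group(2), m.group(3)
            prev = last_login.get((user, host))
            if prev is not None and when - prev <= window:
                alerts.append(("repeat-login", user, host, when))
            last_login[(user, host)] = when
            continue
        m = SUDO_RE.match(line)
        if m:
            alerts.append(("sudo-refused", m.group(2), None, parse_ts(m.group(1))))
    return alerts

if __name__ == "__main__":
    for kind, user, host, when in find_suspicious(SAMPLE_LOG):
        print(f"{when:%b %d %H:%M:%S} {kind:13} user={user} host={host}")
```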

