Unauthorized Collection of Personal Information

We have received a confirmed alert about unauthorized programs being installed on publicly accessible computers at a number of universities in Arizona, California, Texas and Florida. Apparently, an individual or group is installing commercial remote administration or key-stroke capturing programs on Windows OS computers in libraries, computer labs and student lounge areas. The programs are used to capture personal information, such as credit card numbers, names and addresses. According to the US Secret Service, the presence of the following programs/files could indicate an exploit: Starr Commander Pro", "STARRCMD.EXE", "RADMIN", and "ISPYNOW." The software has been found in the route path of "C:\WINNT\SYSTEM32\KREC32", but may be found in other areas of a network. It should be noted that most anti-virus products typically exempt commercial programs from their virus database.

We are not aware of any report that such unauthorized programs have been installed on a publicly accessible computer at UC Davis. If you identify a computer that may have been compromised as described above, please contact security@ucdavis.edu.

Reference: http://chronicle.com/free/2002/06/2002062001t.htm

Robert A. Ono, CISSP Information Technology Security Coordinator Information and Educational Technology University of California, Davis (530) 754-6484 Desk