Handling of Compromised Accounts or Machines by Virginia Tech Information Technology


Question:

How does Virginia Tech Information Technology handle compromised accounts or machines?

Answer:

How Virginia Tech Information Technology Handles Compromised Accounts or Machines

Virginia Tech's Information Technology Security Office and the 4Help computing consulting team are committed to helping keep your accounts, your data, your identity, your computer, and university information technology systems safe. Each member of the Virginia Tech community also has a duty to be aware of potential threats and to use safe practices while operating computers and using network resources. Awareness is critical for ensuring your safety from online threats. For valuable information on staying CyberSafe, see http://www.awareness.security.vt.edu/.

Should your computer become infected, please refer to Removing Viruses and Malware from Windows or Mac OS.

How Is a Compromise Discovered?

If you believe that you have been a victim of a phishing attack, or that your password has been compromised, promptly notify 4Help by calling (540) 231-4357, and then change your password by following the instructions at Changing My Password.

A report of a compromised user account or machine can originate from a variety of sources:

What Happens When a Compromise Is Reported?

When 4Help receives a report of a compromised account or machine, the following steps will be taken:

  1. If a machine is harming the Virginia Tech network or others' computers, the machine may be remotely disconnected from the network.

  2. If an account is compromised (VT Username, Hokies ID, Exchange account, VT Google Apps, or Banner), 4Help will reset the account password. If it is a serious account compromise, 4Help reserves the right to reset all account passwords for the given user.

  3. 4Help will attempt to contact the user and discuss the compromise:

    • You may be asked several questions to help identify the source of the compromise, for example: Did you respond to a phishing email recently?

    • You will be asked to locate and identify the offending device by its MAC (media access control) address. For instructions on finding the MAC address of a computer:

    • We will assign and provide an incident number to you.

    • We will suggest that you change all passwords, both VT and non-VT, for your protection.

    • We will refer you to educational sites.

    • We will recommend that you run a full antivirus scan, and possibly refer you to our Clean it Up page.

    • We may recommend that you reformat your computer in the case of serious threats.

  4. If it is a university-owned machine, we will ask whether the machine stores personally identifying information such as social security or credit card numbers, driver's license numbers, etc.

  5. Once we have verified that you have completed the necessary remediation steps, we will request that your account be re-enabled.

Please note that it may take up to 24 hours, or longer during weekends, to restore your account access.