Compromised Computers or Devices
A Compromised Computer is defined as any computing resource whose confidentiality, integrity or availability has been adversely impacted, either intentionally or unintentionally, by an untrusted source. A compromise can occur either through manual interaction by the untrusted source or through automation. Gaining unauthorized access to a computer by impersonating a legitimate user or by conducting a brute-force attack would constitute a compromise. Exploiting a loophole in a computer’s configuration would also constitute a compromise. Depending on the circumstances, a computer infected with a virus, worm, Trojan or other malicious software may be considered compromised.
Symptoms of a compromised computer include, but are not limited to, the following:
- Frequent pop-up windows, especially the ones that encourage you to visit unusual sites, or download antivirus or other software
- Changes to your home page
- Mass emails being sent from your email account
- Frequent crashes or unusually slow computer performance
- Unknown programs that start up when you start your computer
- Programs automatically connecting to the Internet
- Unusual activities like password changes
UTHSC Owned Devices
UTHSC is required by various state and federal regulations to investigate any incident that may involve the breach of personally identifiable information and other non-public information according to GP-002-Data and System Classification. UTHSC is also required to notify an individual if the privacy of their personally identifiable information has been breached. Failure to preserve evidence or conduct an investigation related to a compromised computer could result in unnecessary financial costs for the institution. It is also important that the details of a compromise and the ensuing investigation remain confidential. The Office of Cybersecurity has IR-001-Security Incident Response, which outlines how UTHSC responds to incidents regarding our devices, data and systems.
Personally Owned Devices
If the symptoms stated above are occurring on a personally owned device, there are things to do immediately to mitigate the threat to your device and information. Note that UTHSC does not offer any guarantee on remediating personally owned devices.
- Reset your passwords on every account to which that device had access
- Log out of all online accounts
- Disconnect from the internet
- Remove external hard drives, USB drives, and any other attached devices
- Scan the device for malware and viruses
- Wipe the hard drive if necessary – hopefully you have a backup of your data
- Closely monitor credit and financial accounts
Lastly, to avoid being targeted again, here are some tips:
- Keep security (antivirus/antimalware) up-to-date
- Keep all operating systems and software up-to-date
- Maintain strong passwords
- Do not leave your device unattended in public
- Keep files backed up
Students
UTHSC recommends using Microsoft Defender, the built-in antivirus and malware protection for Windows. Additionally, Microsoft Defender will provide antivirus and malware protection for macOS. The University of Tennessee Knoxville has the macOS options available on the OIT Software Distribution Site.
If you downloaded Malwarebytes before the university's contract with that vendor expired, we recommend that you remove the software as you will be unable to renew your university subscription.