A computer is considered compromised if:
- The device allowed an unauthorized individual to authenticate and perform tasks on the system
- The device was physically tampered with in a manner that allows it to capture information and/or bypass controls
- The device had malicious software installed on it through the action of an activated virus or piece of malware, or through the exploitation of a system vulnerability.
When a system is compromised, it may exhibit some of the following signs:
- A sudden reduction in the computers' performance,
- Unusual behaviors, such as windows briefly popping up and closing down,
- Application programs terminating and restarting again,
- Sporadic failed logins, even though you are certain you entered the password accurately.
In some cases, the suspicious behaviors may be simply a case of software, hardware or data entry errors, but erring on the side of caution is always advised. If malware is the cause, it can perform a variety of activities on your system, such as capturing sensitive information (including passwords) that you key into the system, altering stored data, holding your data for ransom, or disrupting service, so it is important to determine, as soon as possible, whether or not malicious activity has occurred. If you suspect that your computing device is compromised, you should immediately:
- Physically disconnect the system from the network,
- Power down the system, and
- Contact the UCT Support Center at extension 2828 or firstname.lastname@example.org for assistance in determining the cause of the behaviors and next steps.
We ask that you take the above steps for the following reasons:
- To contain the damage to your system
- To keep your computer from attacking other systems, and
- To prevent the malicious activity from "covering its tracks" which may enable us to:
- Determine the type and source of the attack, and
- Possibly collect evidence in case criminal activity is identified.