University of Illinois CS department machines compromised
Several computers in the University of Illinois Computer Science Department have apparently been compromised to host malware-serving websites, security researcher Conrad Longmore noted yesterday.
The compromised machines are tarrazu.cs.uiuc.edu, croft.cs.illinois.edu, tsvi-pc.cs.uiuc.edu, mirco.cs.uiuc.edu, ytu-laptop.cs.uiuc.edu and node3-3105.cs.uiuc.edu (all hosted in the 126.96.36.199/24 range), and they are connected to a recent spam run impersonating Amazon.
Longmore has tied the malicious domains and the IP addresses to a gang he dubbed “Amerika”, which he believes to be comprised of Russian cybercrooks who usually use fake US addresses when registering domains.
Until the university moves to clean its affected computers, he advises blocking the entire IP range.