Unauthorized Use of Serv-U
Serv-U is secure file transfer server for Microsoft Windows and Linux platforms. Its core purpose is to make file exchange and access to business documents from anywhere easy and affordable.
Enabling Serv-U administrators to validate the authenticity of the deployment is another way Serv-U provides assurance that any critical data being transferred is not being siphoned off using a decoy deployment.
Cyber criminals that target data theft use various techniques to try and trick a user into using an illegitimate instance of file transfer tools. These techniques include unauthorized use of trial versions or compromising an endpoint and deploying unauthorized copies of file transfer software.
Serv-U software provides an easy way for administrators to ensure the authenticity of deployments at anytime by verifying the X.509 signing certificate.
- Downloading software directly from http://www.Serv-U.com
- Looking up your account via our Customer Service Center or sales support
- Making sure your installation of Serv-U has an “Uninstall” option in the Serv-U program group (a.k.a. “Start Menu”)
- Making sure your installation of Serv-U has an “Uninstall” option in your Control Panel’s “Add/Remove Programs”
- Checking the digital signature on your Serv-U executable (see below)
How to Check the Digital Signature on Your Serv-U Executable (on Windows)
- Go into the directory where Serv-U is installed. (e.g., “C:\Program Files\RhinoSoft\Serv-U”)
- Right-click the “Serv-U.exe” file in that folder and select “Properties”.
- Go to the Digital Signatures tab. IF THIS TAB IS MISSING, YOUR INSTALLATION MAY NOT BE LEGITIMATE.
- Look for the “Rhino Software, Inc.” entry in the “Signature list”. Select it and click the “Details” button. IF THIS ENTRY IS MISSING, YOUR INSTALLATION MAY NOT BE LEGITIMATE.
- Make sure the Name on the certificate is “Rhino Software, Inc.” and that the Countersignature is “VeriSign Time Stamping Signer - G2”. IF THIS INFORMATION IS DIFFERENT, YOUR INSTALLATION MAY NOT BE LEGITIMATE.
How Can An Unauthorized Edition of Serv-U Get Installed?
Serv-U cannot install itself on your computer. If you did not authorize Serv-U’s installation, it was installed through one of three ways.
1) Employee or contractor with local system access.
One of your trusted employees or contractor may have installed Serv-U to transfer files (usually a lot of files) from one machine to another. They may have installed Serv-U against policy or may have forgotten about their one-time use.
2) Malware or virus.
Some malware packages may incorporate or download an illegally cracked early version of Serv-U. To prevent this, run a current antivirus package and use a firewall.
3) Hacker with local system access.
A hacker with full control of your system can install any software package he or she chooses. Sometimes that software package is Serv-U, because Serv-U can be used to share files with anyone who can access that computer. To prevent this, run a current antivirus package, use a firewall and watch your security logs.
What Should I Do If I Find an Unauthorized Copy of Serv-U Installed?
First, find out if you are running a legitimate version of Serv-U (see above).
If you are running a legitimate version, use the existing “Uninstall” option to remove it. (Or purchase a license if you want to keep Serv-U.)
If you are NOT running a legitimate version, it is likely that your machine has been compromised. Please follow your local security policy to contain and clean (often, wipe) the machine.
Where Can I Get Additional Help?