Email accounts of University of Wyoming infected with Virus

As per UW Information Technology (UWIT), an attached Microsoft Excel or Word file in an email infected with a computer virus is spreading through email accounts of University of Wyoming. A warning has been emailed by UWIT regarding this new virus on February 8, 2019, and is at this time UWIT is working for blocking and removing the virus from the University machines.

Suspicious emails to the accounts of UW, like this virus as well as phishing scams, become common in the past few months. These email messages often look like legitimate, and generally contain various kind of malware that has been designed to steal the personal information.

In the current case, the computer virus is attached to the emails in an Excel or Word file. Interim Director of the Client Support Services, Brett Williams, wrote to Branding Iron in an email that "unfortunately, one or two UW users opened the file and it downloaded malware to their computer".

Once the malware got downloaded, then it requests to "enable Macros," the automated sequence which normally replaces the repetitive actions in Excel or Word, like highlighting all the cells with comments. It activates virus, which then started emailing the recipient's contacts with various malware files so as to spread itself.

This malware is "port-blocking" virus, thus preventing the computer that got affected from making connections with the other computers which are on the network.

Several measures have been introduced by UWIT, designed in order to stop the rush and surge of phishing and malware, like compulsory two-factor authentication and marking the messages clearly coming from outside UW network. Williams wrote that two-factor authentication "along with the external email tagging and mandatory security training for UW employees has led to a significant decrease in the number of compromised accounts at UW".

Students, faculty and staff together receive a total of more than one million emails every day, out of which only 472,000 were marked as legitimate by UWIT. Moreover, various programs were used by UWIT to avoid potentially risky and dangerous emails from reaching the network user's inbox, such as Microsoft's Exchange Online Protection that protects network from the cyberattacks, and Sophos Pure Message, the program which quarantines suspicious mail.

Williams further wrote that "unfortunately, a small amount of phishing and malware still gets through the various blocks and filters. As spam and phishing gets more and more sophisticated and more targeted to specific users, it may get through".

» SPAMfighter News - 2/27/2019