A computer virus in an attached Microsoft file has been spreading through University of Wyoming email accounts, according to UW Information Technology.
UWIT, which emailed a warning about the new virus on Friday, is currently working to block and remove the virus from University machines.
Suspicious emails to UW accounts like this virus and phishing scams have become much more common in the last few months. These messages often masquerade as legitimate and usually contain some sort of malware designed to steal personal information.
In this case, the virus has been attached to emails in a Word or Excel file.
“Unfortunately, one or two UW users opened the file and it downloaded malware to their computer,” wrote Brett Williams, interim director of Client Support Services, in an email to the Branding Iron.
Once downloaded, the malware requests “enable Macros,” an automated sequence that normally replaces repetitive actions in Word or Excel, such as highlighting all cells with comments. Instead, it activates the virus, which then starts emailing the user’s contacts with different malware files to spread itself.
This malware is a “port-blocking” virus, which prevents the affected computer from making connections with other computers on the network.
UWIT has introduced several measures that are designed to stop the tide of malware and phishing, such as mandatory two-factor authentication and clearly marking messages that come from outside the UW network. The authentication method was required for all UW faculty and staff last semester after over 30 UW email addresses were compromised in a month.
Two-factor authentication, Williams wrote, “along with the external email tagging and mandatory security training for UW employees has led to a significant decrease in the number of compromised accounts at UW.”
Faculty, staff and students receive a combined total of over one million emails per day, only 472,000 of which UWIT marks as legitimate. To sift through the mix, UWIT uses several different programs to prevent potentially harmful emails from ever reaching a network user’s inbox, like Sophos Pure Message, a program that quarantines suspicious mail, and Microsoft’s Exchange Online Protection, which protects the network from cyberattacks.
With this many messages to screen, however, blocking every malware or phishing email is a challenge.
“Unfortunately, a small amount of phishing and malware still gets through the various blocks and filters. As spam and phishing gets more and more sophisticated and more targeted to specific users, it may get through,” Williams wrote.
Students can report suspicious emails to the UWIT help desk at userhelp@uwyo.edu. After reporting the email, there is no need for students to take additional action, and suspicious messages can be deleted.
If you think your UW workstation has been infected, you can email or call the help desk at 307-766-4357, or use the Service Catalog to file a request for assistance.