Major virus outbreak at University of Exeter

Graham Cluley
Graham Cluley
@[email protected]

University of Exeter
The University of Exeter in England has reported that it suffered a “severe” virus outbreak, which resulted on its entire network being shut down earlier this week.

Although the University reports that 95% of its network is now back to normal operation, mystery still surrounds what exact piece of malware they were hit by.

ZDNet blogger Zack Whittaker appears to have got some inside information, as he quotes an internal support email which says:

"...this is a completely new virus and we are the only organisation in the world to experience it. None of the mainstream virus software suppliers have seen this virus, and as such, there is no fix."

Sign up to our free newsletter.
Security news, advice, and tips.

It’s not entirely clear to me how the University of Exeter would know that they are the only organisation in the world to encounter the malware, but I’ll let that pass.

In a statement to students, David Allen, registrar and deputy chief executive of the university provided some additional information:

"The University suffered a virus attack ... which we believe came in through PCs running Microsoft Windows Vista Service Pack 2. Experience of dealing with data corrupting viruses elsewhere indicates that it is essential to shut down the network ASAP to avoid so many machines and files being corrupted that it takes weeks to recover. Therefore, although this is a PC rather than a network problem, we had to shut down the network to isolate the virus."

It’s clear that the University’s IT team is pointing the finger of suspicion at computers running Windows Vista SP2, as they are planning to virus-scan all computers running the operating system:

Advice from University of Exeter

University campuses are, of course, complex beasts and the IT teams who secure them can have a tough job. The problem is compounded by having a massive userbase of students who may plug their own devices into the network, or may show little care for the security of a communal computer and put it at unnecessary risk.

For instance, you may have students who are using P2P file-sharing software to download music, software, movies and games. This may not only be putting your educational establishment in hot water, it could also be exposing you to malware risks. Maybe it’s time you applied some control to which programs staff and pupils are able to run?

Keeping up-to-date with security patches and software is a must, as is educating staff and students about the dangers that might be lurking on the internet. It’s not clear at the moment if this is how the un-named virus entered the University of Exeter’s network, but anyone attaching their computer to someone else’s network has a duty of care to ensure that it is properly protected and not spreading viruses like a modern-day Typhoid Mary.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.