The University of Exeter in England has reported that it suffered a “severe” virus outbreak, which resulted on its entire network being shut down earlier this week.
Although the University reports that 95% of its network is now back to normal operation, mystery still surrounds what exact piece of malware they were hit by.
ZDNet blogger Zack Whittaker appears to have got some inside information, as he quotes an internal support email which says:
"...this is a completely new virus and we are the only organisation in the world to experience it. None of the mainstream virus software suppliers have seen this virus, and as such, there is no fix."
It’s not entirely clear to me how the University of Exeter would know that they are the only organisation in the world to encounter the malware, but I’ll let that pass.
In a statement to students, David Allen, registrar and deputy chief executive of the university provided some additional information:
"The University suffered a virus attack ... which we believe came in through PCs running Microsoft Windows Vista Service Pack 2. Experience of dealing with data corrupting viruses elsewhere indicates that it is essential to shut down the network ASAP to avoid so many machines and files being corrupted that it takes weeks to recover. Therefore, although this is a PC rather than a network problem, we had to shut down the network to isolate the virus."
It’s clear that the University’s IT team is pointing the finger of suspicion at computers running Windows Vista SP2, as they are planning to virus-scan all computers running the operating system:
University campuses are, of course, complex beasts and the IT teams who secure them can have a tough job. The problem is compounded by having a massive userbase of students who may plug their own devices into the network, or may show little care for the security of a communal computer and put it at unnecessary risk.
For instance, you may have students who are using P2P file-sharing software to download music, software, movies and games. This may not only be putting your educational establishment in hot water, it could also be exposing you to malware risks. Maybe it’s time you applied some control to which programs staff and pupils are able to run?
Keeping up-to-date with security patches and software is a must, as is educating staff and students about the dangers that might be lurking on the internet. It’s not clear at the moment if this is how the un-named virus entered the University of Exeter’s network, but anyone attaching their computer to someone else’s network has a duty of care to ensure that it is properly protected and not spreading viruses like a modern-day Typhoid Mary.