Posted 2/24/2016 11:40:14 AM
closed 2/25/2016 7:54 AM
Any user with email should not open any messages they receive with a subject of 'Scanned image' from an email address that starts with the name of 'southlands'
Virus email bombardment
Other
2/25/2016 7:55:02 AM:
The email barrage stopped yesterday afternoon.
2/24/2016 3:10:54 PM:
This incident is still on going.
For the past hour the Administrative Systems and Enterprise Systems teams have been monitoring a large number of messages coming in with the subject 'Scanned image' and a sender address of the form 'southlandsxyz@uwyo.edu', where xyz is a number. These messages are currently being quarantined by the Sophos appliance, and those that make it through because the user has opted-out of Sophos quarantining have been caught by virus detection on Office 365.
As of the last check there were 67 IP addresses around the world sending these messages to UW users. So far over 300 UW users have been targeted.
Our virus protection systems are working and mitigating this threat, but there is the possibility a message may slip through if the virus payload changes.
IT personnel are investigating the problem. No estimated time for correction of the problem is currently available.
Information Technology apologizes for any inconvenience this may cause you. Please contact the Help Desk at 766-HELP (4357), option 1, or send an email to the Help Desk (userhelp@uwyo.edu) if you have any questions.