Please be aware that several individuals at UT Arlington have reported receiving email messages with an attached “.zip” file that contains hidden malware (malicious software).
While the Office of Information Technology continues to determine the nature of the malware, all received emails that contain compressed files will be quarantined until further notice, and access to shared drives (K:) will be blocked. This action is to mitigate further receipt and propagation of the malware.
OIT is in the process of removing the malicious email from inboxes; any malicious email that has been received will remain in your inbox until removed or deleted. Please do not open the attachments of any messages that appear suspicious or that you are not expecting. Sample messages are included at the bottom of this message.
The malware appears to be ransomware (a cryptolocker variant): it will encrypt files on the infected computer as well as on network drives. The email subject line is not consistent and may be one of the following:
- Please find attached invoice no: <<random number>>

- If you receive a suspicious or unexpected email similar to the description above, do not open the attachment. Instead, we ask you to send the email as an attachment to firstname.lastname@example.org for analysis.
- If you are expecting a legitimate email with an attached zip file, you will need to manually release it from quarantine. The email system should notify you when emails are placed in quarantine, or you can log in to https://quarantine.uta.edu/ to check quarantined mail. Please do not restore and open any suspicious or unexpected attachments you may find within the quarantine.
- If you received the message and opened the attachment, please contact the OIT help desk for assistance.
Example 1 of the message:
Attached is a Print Manager form.
Format = Portable Document Format File (PDF)
________________________________
This email/fax transmission is confidential and intended solely for the person or organisation to whom it is addressed. If you are not the intended recipient, you must not copy, distribute or disseminate the information, or take any action in reliance of it. Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of any organisation or employer. If you have received this message in error, do not open any attachment but please notify the sender (above) deleting this message from your system. For email transmissions please rely on your own virus check no responsibility is taken by the sender for any damage rising out of any bug or virus infection.
End of Example 1
Example 2 of the message:
From: <<random name and email address>>
Sent: Monday, August 29, 2016 4:12 AM
Good morning <<name of recipient>>
Here is the excel file of the commission you earned last month. Please analyze the attachment to confirm the amount.
End of Example 2