Virus attack hits Vista machines, cripples university network

A massive virus attack has hit the University of Exeter resulting in the entire network being shut down both by the virus and the network staff in an attempt to protect the infrastructure.
Written by Zack Whittaker, Contributor
A massive virus attack has hit the University of Exeter resulting in the entire network being shut down both by the virus and the network staff in an attempt to protect the infrastructure.

The virus hit the network on Monday and is still having major implications even now - two days later. According to the IT support email:

"...this is a completely new virus and we are the only organisation in the world to experience it. None of the mainstream virus software suppliers have seen this virus, and as such, there is no fix."

It's unclear if this virus is entirely unique, but it does highlight the challenges of security.

According to my source within the university, they are attempting to fix the issues with MS09-050, which details a vulnerability in Windows Vista (including SP1 and SP2), along with Windows Server 2008 (SP1 and SP2), which allows remote code execution.

The network status page for the university was updated earlier on today to state that the "virus is only prevalent in machines running Vista SP2", and as a result they brought the network offline to limit any further spread. They were also advising that anyone with a Vista machine, either a public machine or a laptop, should not connect to the network until further notice.

Since then, the status page now shows that certain areas of the network are now running and are slowly being brought online - but still avoiding machines which are susceptible to the exploit.

Internal network users would have had no access to the web or email, however off-campus users can now use the dedicated student portal, the Outlook Web Access email system and VPN capabilities. The virtual learning environment (VLE) was brought offline which means students and learners will have had no electronic access to their study materials. Even phone systems which rely on VoIP technology had been affected and were disconnected from the network.

Student residences and halls of residence are still currently offline but this will be one of the priorities, yet most of the network has now been restored. David Allen, registrar and deputy chief executive of the university, has assured students that any delay to handing in work will be treated sympathetically and will have "arranged short term extensions... as appropriate".

Other campuses of the university and connecting networks have been isolated, removing the branch office element and cutting campuses off from each other to limit further damage.


An internal email from the network security administration has been quoted as saying, "This is what happens when SUS [software update service] admins don't auto-approve", suggesting someone managing the network updates hadn't patched the exploitable computers with the appropriate fix, leading to this issue.

The virus is believed to have come from inside the network according to my source; whether via a student PC or a staff PC is not yet known. Other networks which connect to the Exeter network, such as external colleges and campuses have been patched and are "using nmap'ping the network for Vista machines to stop them accessing the network".

Whether anything was stolen or hacked as a result of this breach is unknown.

Vista has seemed to live to die another day, and maybe for Exeter, this day will be sooner rather than later. However, universities and institutions are stuck with Vista if they have already upgraded due to compatibility issues and the lack of support available now for XP. After the disruption caused to staff and students as a result of this breach, not to mention the money lost, I wouldn't blame them if they thought an immediate upgrade to Windows 7 or even another operating system would be a wise investment.

Editorial standards