Recently a fraudulent email has been distributed from compromised UBC email addresses. The message asks users to review an attached Microsoft Word document, which contains a virus.
Sophos anti-virus has determined the virus to be Trojan (Troj/DocDL-ARF) and is removing it as detected. As of Jan 12/16, TrendMicro is detecting it as W2KM_DLOADR.YYSOH.
The Sophos Enterprise Consoles have been updated with the latest definitions to detect this virus. Please ensure that your systems are up to date and are pushing out the new signatures.
A copy of the email is below:
From: <Name removed >
Sent: Thursday, January 07, 2016 10:57 AM
To: < list of recipients removed >
Subject: 2016 Security Protocol
Please be advised of the new security protocol for Verio.com users and staff.
This will come in to affect immediately so please take the time to look over the revisions.
Any questions feel free to ask.
Do not reply to this email, click on any links or fill out any online forms with your account information. If you think you may have submitted your UBC CWL or login account credentials, go to myAccount and login and change your password immediately. The email can then be deleted from your Inbox or mobile phone.
If you have received this email message, please contact your department’s IT support staff for assistance, as your computer will likely need to be wiped and re-imaged due to malicious software.