New malware attack: don’t open attachments from unknown senders

9 Jul 2018 - 11:00

Dear UCT colleagues and students,

We are aware of a new malware attack currently doing the rounds on campus. This attack usually comes from a Gmail address, and could be entitled "Receipt for payment" or something similar.

When you open the attachment, a blank screen is shown. You won’t immediately see any result, and you won’t be asked to enter any details – but malicious code will begin running in the background.

The UCT Computer Security Incident Response Team (CSIRT) is working together with our service provider to put the necessary security measures in place to prevent further spreading of this message.

What do I do?

  • Send an email to the UCT Cybersecurity Incident Response Team, informing them that you received this email.
  • Delete the message from your Inbox, then delete it from your Deleted Items folder.

What happens if I clicked the attachment?

If you opened the attachment, your account may be compromised. This puts the UCT network and UCT assets at risk. Please:

  1. Disconnect your computer / device from the UCT network. You could shut down the computer, pull out the network cable (if you’re on a wired connection), or disable wireless communication (if you’re using WiFi).
  2. Using a device that you know to be free of malware and infection, immediately change your UCT password using Password Self-Service.
  3. Send an email to the UCT Cybersecurity Incident Response Team informing them that you have opened the attachment, but that you have disconnected the compromised computer / device, and changed your UCT password.

Please remember

  • Don't ever reply to emails that request personal information – especially usernames and passwords.
  • NEVER share your password with anyone – not even an ICTS representative.
  • Do not open attachments unless you can verify the sender and the nature of the attachment.
  • Don't open emails of unknown origin.
  • Don't click on links in emails if you cannot recognise where the link directs you.
  • Don't reply to spammers asking them to remove you from their mailing list. Replying just confirms your email address as valid, which encourages them to send you more spam.
  • Don't forward chain letters or marketing material.
  • Report any incident of this or other phishing attacks or cybersecurity issues to the UCT CSIRT at You can also report any other cybersecurity issues to the same address.