Malware Infections – Spreadsheet attachments in emails

SUMMARY – PLEASE READ

Staff, academics and students dealing with finance for University / College clubs and societies should be very cautious with email attachments.

Extreme caution is needed in opening attachments, especially those from unfamiliar senders or mentioning unfamiliar companies.  If a message appears at all suspect then we strongly recommend that you get a second opinion.

DETAILS

The IT Services network security team (OxCERT) have reported a major malware outbreak today (Friday 6 November 2015). There are over 30 infected systems across the University network, and counting.

Reports from other University IT staff suggest that systems are getting infected as a result of spam emails regarding payments and invoicing, and people attempting to open malicious email attachments (.xls and possibly others). Typical behaviour seems to be that the attachment appears to be empty.

At present it seems that the antivirus software on University email servers and Nexus is not detecting the malicious payloads. They have submitted some samples for analysis and hope that antivirus signatures will be released in the near future, but obviously it is too late for those who have already opened the messages.

OxCERT are attempting to get the situation under control but they are dealing with a high volume of incidents.

We do appreciate that many staff and students will receive legitimate invoices and other documents in a similar manner, with the result that it is difficult to tell the legitimate from the malicious; indeed that is why the attacks can be so successful, and why we are keen to obtain reliable detection signatures before systems can be infected.

Suspicious messages can be forwarded to OxCERT at the following email address

phishing@it.ox.ac.uk

but please appreciate that the response times may be longer than usual.