When things go from bad to worse

It never fails: when things are not going well, they only get worse. At the office, we were without any email for the majority of the day due to a trojan/worm taking over our Exchange cluster, one server at a time! Eventually, the servers were back up and the data was fully restored. I wonder to what extent the University was affected by this outage, which lasted the majority of the working day?

If that wasn’t bad enough for us, as soon as emails were starting to come in, we started receiving the messages that we queued for delivery. It appears students were not able to view their classes due to a server failure. The central IT department failed to notify us until we made an inquiry with the help desk and even then we weren’t fully aware of the situation or a timeline of events.

It appears our video server was damaged by the same worm that affected our email cluster and a few other servers around campus. Microsoft was brought in because they were not aware of the worm that caused the damage, so this could’ve been a 0-day vulnerability. Things are still being digested and documented so I expect to hear more about the events after the weekend.

We received the following email from the University’s Chief Information Officer, so at least we know all resources were spent on taking care of the situation.

Early Thursday morning the Exchange servers were compromised. Just after 3am the hacker(s) started with EX0 and proceeded to all the Exchange servers. The cause of the outage appears to be a new worm/virus that Microsoft isn’t aware of since our systems had the latest Microsoft patches. It also appears the attack was protocol based and not a password compromise. No data was lost or compromised.
