Skip to main content

IT News

ITS may begin blocking file types often used to deliver malicious software

To minimize the risk of compromising WVU computers, networks and data, Information Technology Services is considering blocking two little-used file types in Office 365. In reviewing the latest malware and ransomware targeting faculty, staff and students, we found that a few file types are most commonly used for distribution: Word documents (doc, docx, docm) and ZIP files containing either JavaScript (JS) or Windows Scripting Files (WSF). The last two types are often disguised as PDF files.

We’re considering blocking both the JS and WSF file types in Office 365. We are NOT recommending a change with Word documents, which are typically business-critical. To comment on this proposal, please contact the Information Security Services team at by 4 p.m. Friday, Jan. 6.

JavaScript and Windows Scripting Files are rarely sent by email for business purposes, and those who use the file types are usually technically skilled in using other methods of transmission.