Spotlight on Security: Laptops for home-schooling British children come with a nasty surprise
A number of websites have recently reported that some laptops funded by the British government for school use were found to be pre-infected with the Gamarue.L worm.
The BBC states that teachers in Bradford discovered the malware when preparing the laptops for use. They said it appeared to be contacting servers in Russia, and they shared their findings in an online forum. Information security consultant Paul Moore told the BBC that the Gamarue worm “presents a very severe threat to any PC or network“.
What does the malware do?
Gamarue.l is a variant of a worm first identified by Microsoft in 2012. According to Microsoft, the worm can give the attacker remote control of an infected PC, steal personal information, and change the computer’s security settings. Some members of the Gamarue malware family can spread by copying themselves to USB external drives, and from there to other computers. The Windows Report website states that the worm is also distributed by spam emails.
How have affected schools reacted?
According to the Daily Mail, Bradford Council alerted schools and asked them to check their networks. Schools in Lincolnshire and Wolverhampton were also affected.
Technology news website The Register states that one school is formatting the hard drives of possibly-infected laptops, and reinstalling them from a clean image, before distributing them to pupils. The site quotes a spokesperson for the British Department of Education as saying “We have been investigating an issue with malware that was found on a small number of the laptops provided to schools as part of our Get Help With Technology programme. In all known cases, the malware was detected and removed at the point schools first turned the devices on”. The Register goes on to say that the UK distributor of the laptops was said not to be responsible for configuring them.
It is not yet known how the affected laptops came to be infected with the worm. The supplier of the devices is said to be co-operating fully with authorities to investigate the case.
What action should you take if you think your laptop has been infected?
AV-Comparatives advises anyone getting a new computer to check that there is a working antivirus program installed, update it, and run a scan as soon as possible. Test results and reviews of suitable antivirus software can be found for free an our website.
AV-Comparatives is an independent testing lab based in Innsbruck, Austria, and has been publicly testing computer security software since 2004. It is ISO 9001:2015 certified for the scope “Independent Tests of Anti-Virus Software”. It also holds the EICAR certification as a “Trusted IT-Security Testing Lab”.
Sources: https://www.bbc.com/news/technology-55749959 https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Worm:Win32/Gamarue.L https://windowsreport.com/gamarue-malware-pc/ https://www.dailymail.co.uk/news/article-9172731/Laptops-given-children-home-schooling-lockdown-infected-RUSSIAN-virus.html https://www.theregister.com/2021/01/21/dept_education_school_laptops_malware/