Gandalf_The_Grey
Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
- Apr 24, 2016
- 7,260
A number of websites have recently reported that some laptops funded by the British government for school use were found to be pre-infected with the Gamarue.L worm.
The BBC states that teachers in Bradford discovered the malware when preparing the laptops for use1. They said it appeared to be contacting servers in Russia, and they shared their findings in an online forum. Information security consultant Paul Moore told the BBC that the Gamarue worm “presents a very severe threat to any PC or network”.
What does the threat?
Gamarue.l is a variant of a worm first identified by Microsoft in 2012. According to Microsoft, the worm can give the attacker remote control of an infected PC, steal personal information, and change the computer’s security settings. Some members of the Gamarue malware family can spread by copying themselves to USB external drives, and from there to other computers. The Windows Report website states that the worm is also distributed by spam emails.3
According to the Daily Mail4, Bradford Council alerted schools and asked them to check their networks. Schools in Lincolnshire and Wolverhampton were also affected.
What are schools doing now?
Technology news website The Register states that one school is formatting the hard drives of possibly-infected laptops, and reinstalling them from a clean image, before distributing them to pupils.5 The site quotes a spokesperson for the British Department of Education as saying “We have been investigating an issue with malware that was found on a small number of the laptops provided to schools as part of our Get Help With Technology programme. In all known cases, the malware was detected and removed at the point schools first turned the devices on”. The Register goes on to say that the UK distributor of the laptops was said not to be responsible for configuring them.
It is not yet known how the affected laptops came to be infected with the worm. The supplier of the devices is said to be co-operating fully with authorities to investigate the case.
What to do if you are hit?
If you get infected by any malware, please do a new setup, don’t waste time trying to remove the malware. You can never be sure, that you removed all the artefacts of an infection. Please do backups!
General Advise
AV-Comparatives advises anyone getting a new computer to check that there is a working AV program installed, update it, and run a scan as soon as possible. Test results and reviews of suitable antivirus software can be found for free an our website.