Security experts have warned that more nasty surprises may be in store for recipients of a Department for Education (DfE) laptop scheme, after malware was found on some machines.
Malicious files were found on some laptops that were sent to a Bradford school as part of the government’s attempt to support remote learning for vulnerable children, the BBC reported yesterday.
They’re said to be infected with the legacy Gamarue.I worm, which Microsoft claims could seek to download additional malware to the endpoint. This could theoretically expose users to ransomware or theft of personal and financial information.
The report claimed that the infected laptops have been observed attempting to contact Russian servers.
The government is said to have shipped over 800,000 laptops to schools around the country, although a DfE spokesperson claimed only a “small number” were affected.
Tanium’s EMEA chief architect, Oliver Cronk, said action must be taken quickly to ensure any infected laptops aren’t used by children or their families.
“It’s clear these machines have not been wiped or updated properly and this raises concern around what else might be present on them, as well as how long these vulnerable children will now be left without devices if they’ve been compromised and need to be cleaned up,” he argued.
“Schools should work with authorities to identify how many of the 800,000 devices that have been given out contain the malware. Then they must also assess if it’s just pupils’ devices that have been compromised or teachers too, as this would cause further problems.”
Redscan head of threat intelligence, George Glass, also cautioned that there may be further trouble ahead for the government scheme.
“The Gamarue worm is not a new malware strain, it was first discovered in 2011 and is just one example of hundreds of such threats that may reside on old, unchecked devices,” he explained.
“If such an old worm was discovered on these machines it may not be the only nasty surprise. It’s certainly possible that newer and more severe malware strains are present on devices too.”
Sam Curry, chief security officer at Cybereason, argued that the laptops are likely to have been refurbished, which increases the risk of infection if they’re not properly treated before redistribution.
“The safest way to ensure students received a bug-free laptop would have been to wipe the hard drives, essentially starting from scratch by removing existing files and doing a complete reinstall on every machine. However, this requires time, money and patience,” he added.
“To reduce the overall risk to students the Department for Education should be putting security parameters in place to prevent them from downloading games, other apps and other unnecessary programs that could come from untrustworthy websites and sources and be laced with viruses or malware."