Schools 'find malware' on DfE laptops

Malware on laptops provided by the DfE for remote learning appears to be contacting Russian servers, says forum
21st January 2021, 4:58pm
Amy Gibbons


Schools 'find malware' on DfE laptops
Online Learning: Malware Has Reportedly Been Found On Laptops Supplied By The Dfe To Help Pupils Amid School Closures

Schools have discovered malware on laptops distributed by the government for disadvantaged students, according to an online forum.

The malware is said to appear to be contacting Russian servers.

Tes has seen a post on an online forum reporting that a "self-propagating network worm" has been found on Windows laptops sent to a Bradford school.

Remote learning: Pupils 'can't hear or see lessons' on DfE laptops

Headteachers: Laptops shortage 'still not fully resolved'

Digital divide: Pupils forced on to buses to get online

A post to the forum, which claims to relay a letter sent by Bradford Council, states: "We have been made aware of the following issue from a Bradford school. They have just received their final assignment of Windows laptops from the DfE.

'Malware' on laptops delivered for online learning

"Upon unboxing and preparing them, it was discovered that a number of the laptops are infected with a self-propagating network worm (Gamarue.I). The network worm looks like it contacts Russian servers when active.

"The DfE helpdesk has been notified and a screenshot of infected files has been provided to them. This shows the infected file was last modified on 7/12/2019, shortly after the laptop was manufactured. The DfE have confirmed that a few schools have reported this."

Another user, based in Wolverhampton, also posted on the forum: "Hello all, I know bad news isn't what we need right now but we've just fired up a bunch of these to prep and number of them have alerted via the built-in AV that a WORM has been found. These are the non-DfE spec laptops".

They added: "For those not wiping and rebuilding these, it may be worth rechecking these before giving out."

And a third user, based in Bradford, posted in a separate thread on the forum discussing the same type of laptops: "We had our final batch of these delivered last week. While configuring them this week, we discovered quite a number of them came with a virus installed on them!

"The laptops are infected with a self-propagating network worm (Gamarue.I). We have informed the DfE helpdesk who have said we weren't the only school to have notified them of this! I did ask them to notify schools but they still haven't as I write this, so thought I should post on here!

"The manufacturer has said the recovery partition shouldn't include the infected files so we can reset them to factory default but we aren't taking the risk and have taken the decision to completely wipe all of them before use."

The DfE said it was urgently investigating the issue.

The department told Tes that it had received reports of the issue from less than 10 schools.

It added that all Windows devices had arrived with a virus defender already installed, and reports from schools confirmed that this pre-installed defender destroyed the virus during the set-up process.

Tes also asked how many laptops had been infected, but the department did not provide a figure.

A DfE spokesperson said: "We are aware of an issue with a small number of devices.

"And we are investigating as an urgent priority to resolve the matter as soon as possible.

"DfE IT teams are in touch with those who have reported this issue.

"We believe this is not widespread."

Labour's shadow education secretary, Kate Green, called the reports "deeply concerning" and said education secretary Gavin Williamson must decide if "he is going to put in place a credible plan for children to learn at home, or if he will just tell the Russian server to go away and shut up".

Brian Higgins, security specialist at Comparitech, said: "Whilst it is unclear where these particular laptops were sourced, it is absolutely vital that anyone seeking to source devices, whether they are bought using sponsorship or donated directly, be fully aware of the risk that they may contain dormant or active malicious software and research appropriate methods to make them safe before they are distributed to homes and families.

"The potential for malicious software to be used against recipients is not limited to the children for which the devices are intended, as access to the internet will no doubt be useful for other family and friends outside of school hours.

"I would highly recommend that anyone distributing devices include some information about online safety."

You’ve reached your limit of free articles this month

Register for free to read more

You can read two more articles on Tes for free this month if you register using the button below.

Alternatively, you can subscribe for just £1 per month for the next three months and get:

  • Unlimited access to all Tes magazine content
  • Exclusive subscriber-only articles 
  • Email newsletters

Already registered? Log in

You’ve reached your limit of free articles this month

Subscribe to read more

You can subscribe for just £1 per month for the next three months and get:

  • Unlimited access to all Tes magazine content
  • Exclusive subscriber-only articles 
  • Email newsletters