Russian Malware found on Laptops given by Government

[VixAAT]

Summary

Some of the laptops given to vulnerable children during home schooling by the UK Government has been found containing malware.  The malware has been found contacting Russian servers. Teachers found some files and shared them on an online forum and found out that they were malware. According to the forum, the Windows laptops contained Gamarue.I, a worm identified by Microsoft in 2012. 

 

Quotes

Quote

 The Department for Education said it was aware and urgently investigating.

 

My thoughts

A bit stupid how your are supposed to give them a favour and help the children and then they had some Malware on it. The thing that it wasn't checked is bad as many vulnerable children may not know what it is and school's do not want to let some Russians have access to children's work and the school's location

 

Sources

https://www.bbc.co.uk/news/technology-55749959

[Sir Asvald]

Imagine the kids doing their work and all of a sudden, through the speakers they hear:

 

Spoiler

Suka Blyat Rush B!

 

[Kanna]

10 minutes ago, Sir Asvald said:

Imagine the kids doing their work and all of a sudden, through the speakers they hear:

 

  Hide contents

Suka Blyat Rush B!

 

Spoiler

BLYAAT THCEY AR CAMP B I DED

 

[Sir Asvald]

28 minutes ago, Kanna said:

  Hide contents

BLYAAT THCEY AR CAMP B I DED

 

 

 

Spoiler

THOSE CAPITALIST PIGS! I WILL AVENGE YOU VIKTOR!

 

[That Franc]

The fact that the malware is contacting Russian servers doesn't necessarily mean it's Russian malware. Russia is used as a hacking haven due to its laws that do not prohibit cybercrimes targeting foreign citizens.

[TargetDron3]

More importantly, why did these laptops not have a virus scanner on it?

The most basic of scanners should pick something up that is 8 years old. 

[HenrySalayne]

Are we talking about refurbished notebooks? Different models even? The article doesn't give any details.

If they were refurbished, it could have been someone using an already compromised installation medium.

[Letgomyleghoe]

1 hour ago, TargetDron3 said:

More importantly, why did these laptops not have a virus scanner on it?

The most basic of scanners should pick something up that is 8 years old. 

crypting, you can crypt and or obfuscate malware in a way that it passes through anti virus's.

which is why an anti-virus is kinda obsolete and common sense is better.

[BlueChinchillaEatingDorito]

7 hours ago, TheAverageGamer said:

My thoughts

A bit stupid how your are supposed to give them a favour and help the children and then they had some Malware on it. The thing that it wasn't checked is bad as many vulnerable children may not know what it is and school's do not want to let some Russians have access to children's work and the school's location

 

Sources

https://www.bbc.co.uk/news/technology-55749959

I can only assume these machines were imaged to be on a network domain, rather than standalone laptops. Which is why when a virus infection is detected on one system, it must be taken off the network or else the infection can spread like this. If it's only on "some" laptops, I don't see it being a problem with the original image itself. 

[SolarNova]

5 hours ago, That Franc said:

The fact that the malware is contacting Russian servers doesn't necessarily mean it's Russian malware. Russia is used as a hacking haven due to its laws that do not prohibit cybercrimes targeting foreign citizens.

Its also the go to country to blame atm when it comes to hacking lol 

[Kisai]

1 hour ago, Letgomyleghoe said:

crypting, you can crypt and or obfuscate malware in a way that it passes through anti virus's.

which is why an anti-virus is kinda obsolete and common sense is better.

Eh no.

 

A third party AV, like norton/mcafee etc is obsolete by virtue of Windows including an AV product that is less invasive, less naggy, and zero cost. Some of these rubbish third party products are no better than snake oil (often flagging cookies as spyware to scare you), nothing is improved with any version, and the latest UI's for these products include entire web browser UI nonsense for no reason other than to upsell you on their most expensive product.

 

AV products for mobile, mac and linux, are some of the worst snake oil, because viruses tend to not get onto these devices, because malware only targets the most common version, where as Windows 10 will still run malware that was written to work on Win95. It's the actual users being stupid that results in malware getting device, and no AV products protects against PEBKAC.

 

Basically if the user of the device is not particularly competent, and likes to steal software/games/films, then they need an AV product because piracy is rife with malware.

 

These laptops likely were not re-imaged, and the malware got onto them because they didn't have any IT staff to do so.

[SolarNova]

4 hours ago, Kisai said:

 piracy is rife with malware.

Depends.

 

Sure some rando program cracked by some unknown person on a rando site might be compromised, but its rare to find legit malware or viruses in those done by the larger groups. The more well known teams/groups have a reputation to uphold, and its been that way over the decades.

[poochyena]

5 hours ago, Caroline said:

-well how do you know it's a russian malware?

-there are weird letters on the code, def russian

-but anyone can write those with a keyboard and blame it on a country

-*ahem* no more questions please

 

5 hours ago, SolarNova said:

Its also the go to country to blame atm when it comes to hacking lol 

from the article
"The malware, which they said appeared to be contacting Russian servers"
they aren't being blamed randomly.

[Letgomyleghoe]

5 hours ago, Kisai said:

These laptops likely were not re-imaged, and the malware got onto them because they didn't have any IT staff to do so.

I wasn't saying the students with malware on the laptop were incompetent, or that they even downloaded it, It was purely just a reply to the previous post. 

[Kisai]

1 hour ago, SolarNova said:

Depends.

 

Sure some rando program cracked by some unknown person on a rando site might be compromised, but its rare to find legit malware or viruses in those done by the larger groups. The more well known teams/groups have a reputation to uphold, and its been that way over the decades.

It's higher than you think. Particularly when people google "download (thing) free" and various spammy piracy sites pop up. I'd be more willing to believe that someone downloaded one of the fake downloaders first.

 

No honor among thieves. 

 

Video piracy is almost impossible to catch malware unless, again, someone is downloading a "player" instead of the video.

[Quackers101]

Rush B is used by the russians as secret language. All of those who hear it, will do as commanded and rushing B.

This is due to the communism genes reacting to it, just like the stormtroopers getting ready for battle!

[kuddlesworth9419]

18 hours ago, That Franc said:

The fact that the malware is contacting Russian servers doesn't necessarily mean it's Russian malware. Russia is used as a hacking haven due to its laws that do not prohibit cybercrimes targeting foreign citizens.

Yea but that doesn't fit with the current narrative in the western world. 

[leadeater]

15 hours ago, TargetDron3 said:

More importantly, why did these laptops not have a virus scanner on it?

The most basic of scanners should pick something up that is 8 years old. 

Personally I think the bigger question is presumably these devices were imaged and prepared to go out to students so how is it malware go on them in the first place, does the base image they are putting on to the devices contain the malware in it because that's a epic fail if it does.

 

My gut feeling is they got compromised when sent to the school and placed on to their network and the schools are the source of the infection, seems like the most likely scenario to me. Then the school issued the device to the intended student after they had done what was necessary to get it ready for that student for that school.

[Bombastinator]

A lesson in how misleading headlines can be.  The words “Russian””government”and “malware” were used in the headline, and everyone is worried about Russian government malware. It has nothing to do with those though.  The government connection was vulnerable grade schoolers, the Russian connection was where the server was, and the malware connection was antique script kiddie stuff.  

[Bombastinator]

22 hours ago, SolarNova said:

Depends.

 

Sure some rando program cracked by some unknown person on a rando site might be compromised, but its rare to find legit malware or viruses in those done by the larger groups. The more well known teams/groups have a reputation to uphold, and its been that way over the decades.

All it takes is one though.   One in a hundred is rare, but it’s also more than enough.

[Chiyawa]

On 1/23/2021 at 9:20 PM, That Franc said:

The fact that the malware is contacting Russian servers doesn't necessarily mean it's Russian malware. Russia is used as a hacking haven due to its laws that do not prohibit cybercrimes targeting foreign citizens.

And not only that. The Russian server only act as a gateway. You can never know who is watching the data. It can be anyone.

 

On 1/24/2021 at 3:02 AM, SolarNova said:

Its also the go to country to blame atm when it comes to hacking lol 

Eh. Last time it was Russia. Now, it was either Russia or China. Why don't we ever blame Uncle Sam for once?

[shaz2sxy]

58 minutes ago, Chiyawa said:

Eh. Last time it was Russia. Now, it was either Russia or China. Why don't we ever blame Uncle Sam for once?

Cause we(the UK) are their pet....

[williamcll]

Shouldn't viruses like these be patched by microsoft years ago?

[wamred]

Yeah, ok. That goes to show the level of care that is put into deploying laptops there. That is sad.