TunCERT Cleaning Service

The Tunisian CERT provides a cleaning service to help citizens remove malware from their compromised machines.

When an infected machine is located, the ISP is immediately contacted to identify the end customer who owns the IP address. The ISP is then asked to contact the customer to inform him of the malicious activity coming from his computer, and to explain how to clean the machine and how to avoid further infections.

The customer may be able to solve the problem; otherwise the ISP can assist him directly or ask tunCERT for help with the clean-up. If the customer owns a single machine, he can be asked to bring his computer to the tunCERT office. If the customer owns multiple computers of which a group is infected, or if the compromised machine is difficult to identify, tunCERT can send a team for on-site assistance. This team is composed mainly of incident response team members.

The tunCERT is also providing an online cleaning service via:

The tunCERT awareness team also educates home users about malware threats and provides them with tools to protect their computers by distributing free CDs containing free antivirus software, publishing best practices on the website and distributing flyers.

Finally, tunCERT coordinates with public and private ISPs to fight malware infection and make use of honeynet data. tunCERT sends daily reports listing the malicious IPs belonging to each ISP. Generally the ISPs inform their customers, but in case of massive malicious traffic they can disconnect their customers until the infected computers are cleaned. tunCERT also shares information with other national CSIRTs and international monitoring entities in order to coordinate the fight against malware.