GameOver Zeus May Not Be as Over as You Think
The FBI, along with the Department of Justice, announced a multinational effort on their website that has disrupted a botnet called GameOver Zeus. GameOver Zeus has infected millions of Internet users around the world and has stolen millions of dollars.
The UK’s National Crime Agency (NCA) has worked closely with the FBI to crack down on the GameOver Zeus botnet. The NCA has given infected users a two-week window to get rid of the malware, and has given those lucky enough to have been spared so far the opportunity to safeguard themselves against future attacks. The two-week window is an estimate of how long it will take the cybercriminals to build a new botnet. The FBI has stated on its website that GameOver’s botnet differs from earlier Zeus variants in that its command and control infrastructure communicates peer-to-peer rather than through centralized servers. This means that any infected computer can relay commands to other infected devices. If the cybercriminals build a new botnet, which will likely happen, it can resurrect dormant infected machines and continue to infect new users while stealing financial and personal information from innocent victims.
Do you really have two weeks, and what should you do?
Who knows how long it may take for a new botnet to emerge; it could appear tomorrow or in two weeks. People should not take this threat lightly and should act immediately. The FBI warns that your computer may be infected if it operates slower than usual, your cursor moves without your input, you notice unauthorized money transfers or logins to your bank accounts, or someone demands a ransom to unlock encrypted files. However, it is also possible that you will not notice any unusual activity at all. It is therefore imperative that everyone have antivirus software installed on their PC, update all their software, including their antivirus, and scan their PC regularly for GameOver Zeus and other malicious programs.
How does GameOver Zeus get onto my PC and how does it work?
GameOver Zeus can infect computers by tricking users into downloading it. The malware disguises itself as something you would normally trust, such as a link sent to you by your “bank” or an attachment sent to you by your “colleague” or “friend.” This is often achieved by creating email pseudonyms and mass-sending emails from other infected users, so that recipients believe someone they trust has sent them something. Always be cautious of links and attachments sent to you via email or instant message: make sure the message is actually from someone you trust, and double-check with that person to confirm that they did in fact send you a safe attachment or link.
Once on a computer, GameOver Zeus, also known as GOZeus at this stage, silently searches the PC for banking credentials it can exploit. If GOZeus does not find financial information, it downloads CryptoLocker. CryptoLocker encrypts local user files, meaning files stored on your hardware, and demands that users pay a ransom if they want to access their files again. Files stored on your hardware can include valuable documents such as family photos, work documents or even your tax return information. People want to keep these files, which is why cybercriminals often profit using CryptoLocker. Make sure you back up important files on a regular basis to avoid losing them to ransomware.
AVAST detects and protects its users from CryptoLocker and GOZeus. We also encourage users without any antivirus protection, or with expired antivirus protection, to download AVAST and scan their PC for GameOver Zeus.