Chicog, posted June 3, 2014:

Someone's going to do it sooner or later, now it's hit the MSM. They have apparently got a two-week block on this after which there may be a desperate attempt to steal financial data and encrypt your hard disks. So fill your boots:

Alert (TA14-150A) GameOver Zeus P2P Malware
Original release date: June 02, 2014

Systems Affected
Microsoft Windows 95, 98, Me, 2000, XP, Vista, 7, and 8
Microsoft Server 2003, Server 2008, Server 2008 R2, and Server 2012

Overview
GameOver Zeus (GOZ), a peer-to-peer (P2P) variant of the Zeus family of bank credential-stealing malware identified in September 2011, [1] uses a decentralized network infrastructure of compromised personal computers and web servers to execute command-and-control. The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ), is releasing this Technical Alert to provide further information about the GameOver Zeus botnet.

Description
GOZ, which is often propagated through spam and phishing messages, is primarily used by cybercriminals to harvest banking information, such as login credentials, from a victim's computer. [2] Infected systems can also be used to engage in other malicious activities, such as sending spam or participating in distributed denial-of-service (DDoS) attacks. Prior variants of the Zeus malware utilized a centralized command and control (C2) botnet infrastructure to execute commands. Centralized C2 servers are routinely tracked and blocked by the security community. [1] GOZ, however, utilizes a P2P network of infected hosts to communicate and distribute data, and employs encryption to evade detection. These peers act as a massive proxy network that is used to propagate binary updates, distribute configuration files, and to send stolen data. [3] Without a single point of failure, the resiliency of GOZ's P2P infrastructure makes takedown efforts more difficult. [1]

Impact
A system infected with GOZ may be employed to send spam, participate in DDoS attacks, and harvest users' credentials for online services, including banking services.

Solution
Users are recommended to take the following actions to remediate GOZ infections:
- Use and maintain anti-virus software - Anti-virus software recognizes and protects your computer against most known viruses. It is important to keep your anti-virus software up-to-date (see Understanding Anti-Virus Software for more information).
- Change your passwords - Your original passwords may have been compromised during the infection, so you should change them (see Choosing and Protecting Passwords for more information).
- Keep your operating system and application software up-to-date - Install software patches so that attackers can't take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it (see Understanding Patches for more information).
- Use anti-malware tools - Using a legitimate program that identifies and removes malware can help eliminate an infection. Users can consider employing a remediation tool (examples below) that will help with the removal of GOZ from your system.

F-Secure: http://www.f-secure.com/en/web/home_global/online-scanner (Windows Vista, 7 and 8); http://www.f-secure.com/en/web/labs_global/removal-tools/-/carousel/view/142 (Windows XP)
Heimdal: http://goz.heimdalsecurity.com/ (Microsoft Windows XP, Vista, 7, 8 and 8.1)
Microsoft: http://www.microsoft.com/security/scanner/en-us/default.aspx (Windows 8.1, Windows 8, Windows 7, Windows Vista, and Windows XP)
Sophos: http://www.sophos.com/VirusRemoval (Windows XP (SP2) and above)
Symantec: http://www.symantec.com/connect/blogs/international-takedown-wounds-gameover-zeus-cybercrime-network (Windows XP, Windows Vista and Windows 7)
Trend Micro: http://www.trendmicro.com/threatdetector (Windows XP, Windows Vista, Windows 7, Windows 8/8.1, Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2)

The above are examples only and do not constitute an exhaustive list. The U.S. Government does not endorse or support any particular product or vendor.

GOZ has been associated with the CryptoLocker malware. For more information on this malware, please visit the CryptoLocker Ransomware Infections page.
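The alert's "Solution" list is easy to state and hard to verify across more than one machine. The script below is an added example, not part of the US-CERT alert or of this thread: a read-only PowerShell health check that reports whether a Windows host actually satisfies three of those recommendations (anti-virus enabled with current definitions and a recent scan, OS patches installed recently, and the Windows Update service not disabled). It assumes Windows Defender with its PowerShell module (Windows 8 / Server 2012 and later) and an elevated prompt; the day thresholds and the function names are choices made for this example, not values from the alert.

```powershell
# Added example, not part of the US-CERT alert or of this thread: a read-only
# health check for three of the alert's recommendations on one Windows host
# (anti-virus current, OS patches recent, automatic updates not disabled).
# Assumes Windows Defender with its PowerShell module (Windows 8 / Server 2012
# and later) and an elevated prompt. The day thresholds below are constructed
# values chosen for this example, not figures from the alert.

$MaxSignatureAgeDays = 3    # assumption: definitions older than this are stale
$MaxScanAgeDays      = 7    # assumption: a quick scan older than this is overdue
$MaxPatchAgeDays     = 45   # assumption: no hotfix in this window suggests updates are off

function New-CheckResult([string]$Check, [bool]$Pass, [string]$Detail) {
    # One row of the report: what was checked, whether it passed, and why.
    [pscustomobject]@{ Check = $Check; Pass = $Pass; Detail = $Detail }
}

function Get-AntiVirusCheck {
    # Get-MpComputerStatus reports Defender's engine, definition and scan state.
    try {
        $s = Get-MpComputerStatus -ErrorAction Stop
    } catch {
        # Defender module missing, or a third-party product owns AV on this host:
        # report it rather than silently passing.
        return New-CheckResult 'Anti-virus current' $false "Get-MpComputerStatus failed: $($_.Exception.Message)"
    }
    $sigAge  = ((Get-Date) - $s.AntivirusSignatureLastUpdated).TotalDays
    $scanAge = [double]::PositiveInfinity          # no recorded scan counts as overdue
    if ($s.QuickScanEndTime) { $scanAge = ((Get-Date) - $s.QuickScanEndTime).TotalDays }
    $pass = ($s.AntivirusEnabled -and $s.RealTimeProtectionEnabled -and
             ($sigAge -le $MaxSignatureAgeDays) -and ($scanAge -le $MaxScanAgeDays))
    $detail = 'enabled={0} realtime={1} signatureAgeDays={2:N1} lastQuickScanDays={3:N1}' -f $s.AntivirusEnabled, $s.RealTimeProtectionEnabled, $sigAge, $scanAge
    New-CheckResult 'Anti-virus current' $pass $detail
}

function Get-PatchCheck {
    # Get-HotFix lists installed updates; InstalledOn is blank for some entries, so skip those.
    $latest = Get-HotFix | Where-Object { $_.InstalledOn } | Sort-Object InstalledOn -Descending | Select-Object -First 1
    if (-not $latest) { return New-CheckResult 'OS patches recent' $false 'no dated hotfix entries found' }
    $age = ((Get-Date) - $latest.InstalledOn).TotalDays
    $detail = 'last hotfix {0} installed {1:yyyy-MM-dd} ({2:N0} days ago)' -f $latest.HotFixID, $latest.InstalledOn, $age
    New-CheckResult 'OS patches recent' ($age -le $MaxPatchAgeDays) $detail
}

function Get-UpdateServiceCheck {
    # Win32_Service.StartMode is Auto, Manual or Disabled; Disabled means
    # Windows Update cannot run at all, which defeats the "automatic updates" advice.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='wuauserv'"
    if (-not $svc) { return New-CheckResult 'Windows Update service not disabled' $false 'wuauserv not found' }
    New-CheckResult 'Windows Update service not disabled' ($svc.StartMode -ne 'Disabled') "wuauserv StartMode=$($svc.StartMode) State=$($svc.State)"
}

function Invoke-RemediationCheck {
    # Run every check, print a table for the person at the keyboard, and
    # return the rows so a script or fleet job can act on them.
    $results = @(Get-AntiVirusCheck; Get-PatchCheck; Get-UpdateServiceCheck)
    $results | Format-Table Check, Pass, Detail -AutoSize | Out-Host
    return $results
}

$checks = Invoke-RemediationCheck
# A non-zero exit code lets a scheduled or fleet-wide run flag hosts that still need attention.
if ($checks.Pass -contains $false) { exit 1 }
```

The script only reads state; it does not install updates, change passwords or run a scanner, so it is safe to run before and after following the alert's steps to confirm that something actually changed. If one of the third-party scanners listed above is the host's primary anti-virus product, Defender may legitimately be disabled and the first check will report that; in that case the failure is the prompt to verify the other product's definitions and scan history instead.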
David48, posted June 3, 2014:

Really, really thanks. But can I have the 'Dummies' version please? Dumb it down to me, explain the implications, that which is affected and what to do. Thanks
Chicog (topic author), posted June 3, 2014:

It's a virus spread by phishing emails and dodgy links, that's installed itself silently on unprotected computers. It's already been used to steal an estimated $100m by siphoning off people's bank details etc. Apparently they have temporary control over it so that it can't do anything, but that expires in two weeks. Because it's now been publicised, they anticipate that as soon as their controls lapse, the criminals that control it will go to work.

It can do two things:
(1) Steal your passwords.
(2) (Possibly) Encrypt your hard disk and ask you for money to decrypt it.

They recommend:
(1) Running one of the scanners listed above.
(2) Applying all Windows patches (i.e. do a Windows Update).
(3) Applying all patches to things like Java, Adobe Reader, etc. (Secunia PSI is good for this).
(4) Making sure you have a decent anti-virus package installed, and that you keep it up to date.
(5) Changing your passwords.
IMHO, posted June 3, 2014:

Quote: "Really, really thanks. But can I have the 'Dummies' version please? Dumb it down to me, explain the implications, that which is affected and what to do. Thanks"

Dummies version: If your PC runs Windows, go update your antivirus definitions and run a full system scan. Then do it again tomorrow, and the next day, and the next - JIC. If your PC runs OSX, just keep on waiting with baited breath for Yosemite.
Chicog (topic author), posted June 3, 2014:

Yes, you would have to be a bit of a dummy to rely on that, you're right.
dharmabm, posted June 3, 2014:

Linux, game over (I win)

Sent from my Galaxy Nexus SlimKat using Tapatalk
ezzra, posted June 4, 2014:

Lucky me, as everything I own is under my mattress....
Gsxrnz, posted June 4, 2014:

Quote: "Lucky me, as everything I own is under my mattress...."

Which operating system are you running on your mattress?
Dr Robert, posted June 4, 2014:

Brilliant information and very well laid out - thanks very much for the heads up and the solutions.
scorecard, posted June 4, 2014:

Quote: "It's a virus spread by phishing emails and dodgy links, that's installed itself silently on unprotected computers. It's already been used to steal an estimated $100m by siphoning off people's bank details etc. Apparently they have temporary control over it so that it can't do anything, but that expires in two weeks. Because it's now been publicised, they anticipate that as soon as their controls lapse, the criminals that control it will go to work. It can do two things: (1) Steal your passwords. (2) (Possibly) Encrypt your hard disk and ask you for money to decrypt it. They recommend: (1) Running one of the scanners listed above. (2) Applying all Windows patches (i.e. do a Windows Update). (3) Applying all patches to things like Java, Adobe Reader, etc. (Secunia PSI is good for this). (4) Making sure you have a decent anti-virus package installed, and that you keep it up to date. (5) Changing your passwords."

"It's already been used to steal an estimated $100m by siphoning off people's bank details etc."

Can you please share some further information: does that mean cyber-based bank accounts (Internet banking), or? In other words, are my simple savings accounts with Thai banks (not connected to Internet banking) also at risk of this skimming? And are simple savings accounts with an ATM card at higher risk compared to accounts with no ATM card? Please share, and thank you.
patyh, posted June 4, 2014:

The information by the OP is inaccurate. GameOver Zeus original release date is 2007 not 2014. The FBI has already managed to seize control of the server crucial to the operation of the malware so the risk for GameOver Zeus is extremely low now. Now of course, if you are running any family of the Windows OS, you should at least have an anti-virus installed.
Suradit69, posted June 4, 2014:

Quote: "Really, really thanks. But can I have the 'Dummies' version please? Dumb it down to me, explain the implications, that which is affected and what to do. Thanks"

Quote: "Dummies version: If your PC runs Windows, go update your antivirus definitions and run a full system scan. Then do it again tomorrow, and the next day, and the next - JIC. If your PC runs OSX, just keep on waiting with baited breath for Yosemite."

"If your PC runs OSX, just keep on waiting with baited breath for Yosemite"

Bated or baited? I had a good kitty once whose breath seemed to have been baited by a tuna.
Joe Mamma, posted June 4, 2014:

And in the battle on the street, they use computers and receipts!
keeniau96, posted June 4, 2014:

Full information here: http://www.majorgeeks.com/news/story/operation_tovar_disrupts_gameover_zeus_botnet_and_cryptolocker.html

Apparently the FBI+helpers cleaned out several rat nests of black-hats so OK for now but the slime will creep back out.
deepcell, posted June 4, 2014:

Linux, so many available free of charge. If you want for enterprise take a look at RHEL (Red Hat Enterprise Linux). OpenSuse is a great option for Windows users. Give it a try!
ScotBkk, posted June 4, 2014:

Quote: "Really, really thanks. But can I have the 'Dummies' version please? Dumb it down to me, explain the implications, that which is affected and what to do. Thanks"

Quote: "Dummies version: If your PC runs Windows, go update your antivirus definitions and run a full system scan. Then do it again tomorrow, and the next day, and the next - JIC. If your PC runs OSX, just keep on waiting with baited breath for Yosemite."

Quote: "'If your PC runs OSX, just keep on waiting with baited breath for Yosemite' Bated or baited? I had a good kitty once whose breath seemed to have been baited by a tuna."

Same old nitpicking crap by others wanting to undermine members who only want to help !!!! Get a life !!
PadHopper, posted June 4, 2014:

This topic headline is counterproductively alarmist. Totally wrong. Mods should mod.
Traveling Sailor, posted June 4, 2014:

Mac no attack! Is this true? I just had a new Windows 8 computer shipped from America. Should I have gone Apple??
slipperylobster, posted June 4, 2014:

Quote: "Really, really thanks. But can I have the 'Dummies' version please? Dumb it down to me, explain the implications, that which is affected and what to do. Thanks"

Looks like a cut and paste job from the source....
slipperylobster, posted June 4, 2014:

Quote: "It's a virus spread by phishing emails and dodgy links, that's installed itself silently on unprotected computers. It's already been used to steal an estimated $100m by siphoning off people's bank details etc. Apparently they have temporary control over it so that it can't do anything, but that expires in two weeks. Because it's now been publicised, they anticipate that as soon as their controls lapse, the criminals that control it will go to work. It can do two things: (1) Steal your passwords. (2) (Possibly) Encrypt your hard disk and ask you for money to decrypt it. They recommend: (1) Running one of the scanners listed above. (2) Applying all Windows patches (i.e. do a Windows Update). (3) Applying all patches to things like Java, Adobe Reader, etc. (Secunia PSI is good for this). (4) Making sure you have a decent anti-virus package installed, and that you keep it up to date. (5) Changing your passwords."

Quote: "'It's already been used to steal an estimated $100m by siphoning off people's bank details etc.' Can you please share some further information: does that mean cyber-based bank accounts (Internet banking), or? In other words, are my simple savings accounts with Thai banks (not connected to Internet banking) also at risk of this skimming? And are simple savings accounts with an ATM card at higher risk compared to accounts with no ATM card? Please share, and thank you."

Anyways... normal people back up their data..... best done on an external device. You also can back up your OS/partition. If ever you do get a problem, then you are ready. These things go on all the time.
JesseFrank, posted June 4, 2014:

Quote: "Linux, so many available free of charge. If you want for enterprise take a look at RHEL (Red Hat Enterprise Linux). OpenSuse is a great option for Windows users. Give it a try!"

Open source is the cause for most of the virus problem in the PC world. Remember Heartbleed. Give it a try
sirchai, posted June 4, 2014:

Quote: "Lucky me, as everything I own is under my mattress...."

Quote: "Which operating system are you running on your mattress?"

You should ask the fleas and other tiny creatures living off his money....
USNret, posted June 4, 2014:

Quote: "Mac no attack! Is this true? I just had a new Windows 8 computer shipped from America. Should I have gone Apple??"

Yes
impulse, posted June 4, 2014:

Quote: "Mac no attack! Is this true? I just had a new Windows 8 computer shipped from America. Should I have gone Apple??"

Quote: "Yes"

Windows: Tiny chance of losing a lot. Mac: 100% chance of paying too much for your computer and the software it runs. It's probably a wash if you keep your security up to date.

Probably notable that the attack is related to Cryptolocker, which encrypts your hard drive until you send them money for the solution. So it's not just about stealing passwords and bank info.
sirchai, posted June 4, 2014:

Quote: "Really, really thanks. But can I have the 'Dummies' version please? Dumb it down to me, explain the implications, that which is affected and what to do. Thanks"

Quote: "Dummies version: If your PC runs Windows, go update your antivirus definitions and run a full system scan. Then do it again tomorrow, and the next day, and the next - JIC. If your PC runs OSX, just keep on waiting with baited breath for Yosemite."

Quote: "'If your PC runs OSX, just keep on waiting with baited breath for Yosemite' Bated or baited? I had a good kitty once whose breath seemed to have been baited by a tuna."

Please hang in there, will ask an Irish computer specialist this afternoon. He seems to know all about nothing. When he had a computer problem and I was asking him what system he'd run, he said Google. Another Scottish computer specialist, who'd just started to teach computers in an EP setup, can't even make an online booking for an inland flight from Ubon to Bangkok.

I think it's ground-baited, or bail trapped evidence. Could also be bated Grandma. We listened with bated breath to Grandma's stories of her travels. 'All right, Mrs Bates,' she said. 'We'll do it your way.' Or is it actually from Norman Bates's hotel?
Luxfare, posted June 4, 2014:

Weren't we told planes were going to fall out of the sky and nuclear missiles would self-arm on New Year's Eve 2000? Surely if it's a powerful virus it couldn't be put on hold for a couple of weeks?? It would either be permanently disabled or would be live right now. Seems scaremongering by virus protection companies.
dharmabm, posted June 4, 2014:

Quote: "Linux, so many available free of charge. If you want for enterprise take a look at RHEL (Red Hat Enterprise Linux). OpenSuse is a great option for Windows users. Give it a try!"

Quote: "Open source is the cause for most of the virus problem in the PC world. Remember Heartbleed. Give it a try"
IMHO, posted June 4, 2014:

Quote: "Mac: 100% chance of paying too much for your computer and the software it runs."

I appreciate that Macs might be out of many's budget, but they're certainly not overpriced, if you compare apples to apples and understand that quality costs. I have a 130K Baht Sony VAIO-Z I never use at all anymore since work provided me with a 110K Baht MacBook Pro (which runs Windows as well as OSX BTW - it's not about the OS). The Mac is the first computer I've *ever* used that doesn't piss me off. Hard to put a price on that