Chicog Posted June 3, 2014

Someone's going to do it sooner or later, now it's hit the MSM. They have apparently got a two-week block on this after which there may be a desperate attempt to steal financial data and encrypt your hard disks. So fill your boots:

Alert (TA14-150A) GameOver Zeus P2P Malware
Original release date: June 02, 2014

Systems Affected
Microsoft Windows 95, 98, Me, 2000, XP, Vista, 7, and 8
Microsoft Server 2003, Server 2008, Server 2008 R2, and Server 2012

Overview
GameOver Zeus (GOZ), a peer-to-peer (P2P) variant of the Zeus family of bank credential-stealing malware identified in September 2011, [1] uses a decentralized network infrastructure of compromised personal computers and web servers to execute command-and-control. The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ), is releasing this Technical Alert to provide further information about the GameOver Zeus botnet.

Description
GOZ, which is often propagated through spam and phishing messages, is primarily used by cybercriminals to harvest banking information, such as login credentials, from a victim’s computer. [2] Infected systems can also be used to engage in other malicious activities, such as sending spam or participating in distributed denial-of-service (DDoS) attacks. Prior variants of the Zeus malware utilized a centralized command and control (C2) botnet infrastructure to execute commands. Centralized C2 servers are routinely tracked and blocked by the security community. [1] GOZ, however, utilizes a P2P network of infected hosts to communicate and distribute data, and employs encryption to evade detection. These peers act as a massive proxy network that is used to propagate binary updates, distribute configuration files, and to send stolen data. [3] Without a single point of failure, the resiliency of GOZ’s P2P infrastructure makes takedown efforts more difficult. [1]

Impact
A system infected with GOZ may be employed to send spam, participate in DDoS attacks, and harvest users' credentials for online services, including banking services.

Solution
Users are recommended to take the following actions to remediate GOZ infections:

Use and maintain anti-virus software - Anti-virus software recognizes and protects your computer against most known viruses. It is important to keep your anti-virus software up-to-date (see Understanding Anti-Virus Software for more information).

Change your passwords - Your original passwords may have been compromised during the infection, so you should change them (see Choosing and Protecting Passwords for more information).

Keep your operating system and application software up-to-date - Install software patches so that attackers can't take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it (see Understanding Patches for more information).

Use anti-malware tools - Using a legitimate program that identifies and removes malware can help eliminate an infection. Users can consider employing a remediation tool (examples below) that will help with the removal of GOZ from your system.

F-Secure
http://www.f-secure.com/en/web/home_global/online-scanner (Windows Vista, 7 and 8)
http://www.f-secure.com/en/web/labs_global/removal-tools/-/carousel/view/142 (Windows XP)

Heimdal
http://goz.heimdalsecurity.com/ (Microsoft Windows XP, Vista, 7, 8 and 8.1)

Microsoft
http://www.microsoft.com/security/scanner/en-us/default.aspx (Windows 8.1, Windows 8, Windows 7, Windows Vista, and Windows XP)

Sophos
http://www.sophos.com/VirusRemoval (Windows XP (SP2) and above)

Symantec
http://www.symantec.com/connect/blogs/international-takedown-wounds-gameover-zeus-cybercrime-network (Windows XP, Windows Vista and Windows 7)

Trend Micro
http://www.trendmicro.com/threatdetector (Windows XP, Windows Vista, Windows 7, Windows 8/8.1, Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2)

The above are examples only and do not constitute an exhaustive list. The U.S. Government does not endorse or support any particular product or vendor.

GOZ has been associated with the CryptoLocker malware. For more information on this malware, please visit the CryptoLocker Ransomware Infections page.
David48 Posted June 3, 2014

Really, really thanks. But can I have the 'Dummies' version please? Dumb it down to me, explain the implications, that which is affected and what to do. Thanks
Chicog Posted June 3, 2014

It's a virus spread by phishing emails and dodgy links, that's installed itself silently on unprotected computers. It's already been used to steal an estimated $100m by siphoning off people's bank details etc. Apparently they have temporary control over it so that it can't do anything, but that expires in two weeks. Because it's now been publicised, they anticipate that as soon as their controls lapse, the criminals that control it will go to work.

It can do two things:
(1) Steal your passwords.
(2) (Possibly) Encrypt your hard disk and ask you for money to decrypt it.

They recommend:
(1) Running one of the scanners listed above.
(2) Applying all Windows patches (i.e. do a Windows Update).
(3) Applying all patches to things like Java, Adobe Reader, etc. (Secunia PSI is good for this).
(4) Making sure you have a decent anti-virus package installed, and that you keep it up to date.
(5) Changing your passwords.

Edited June 3, 2014 by Chicog
IMHO Posted June 3, 2014

David48 said:
Really, really thanks. But can I have the 'Dummies' version please? Dumb it down to me, explain the implications, that which is affected and what to do. Thanks

Dummies version: If your PC runs Windows, go update your antivirus definitions and run a full system scan. Then do it again tomorrow, and the next day, and the next - JIC

If your PC runs OSX, just keep on waiting with baited breath for Yosemite
Chicog Posted June 3, 2014

Yes, you would have to be a bit of a dummy to rely on that, you're right.
dharmabm Posted June 3, 2014

Linux, game over (I win)
ezzra Posted June 4, 2014

Lucky me, as every thing I own is under my mattress....
Gsxrnz Posted June 4, 2014

ezzra said:
Lucky me, as every thing I own is under my mattress....

Which Operating system are you running on your mattress?
Dr Robert Posted June 4, 2014

Brilliant information and very well laid out - thanks very much for the heads up and the solutions.
scorecard Posted June 4, 2014

Chicog said:
It's a virus spread by phishing emails and dodgy links, that's installed itself silently on unprotected computers. It's already been used to steal an estimated $100m by siphoning off people's bank details etc. Apparently they have temporary control over it so that it can't do anything, but that expires in two weeks. Because it's now been publicised, they anticipate that as soon as their controls lapse, the criminals that control it will go to work.

It can do two things:
(1) Steal your passwords.
(2) (Possibly) Encrypt your hard disk and ask you for money to decrypt it.

They recommend:
(1) Running one of the scanners listed above.
(2) Applying all Windows patches (i.e. do a Windows Update).
(3) Applying all patches to things like Java, Adobe Reader, etc. (Secunia PSI is good for this).
(4) Making sure you have a decent anti-virus package installed, and that you keep it up to date.
(5) Changing your passwords.

"It's already been used to steal an estimated $100m by siphoning off people's bank details etc."

Can you please share some further information: Is that meaning cyber based bank accounts (Internet banking), or? In other words, are my simple savings accounts with Thai banks (not connected to internet banking) also at risk of this skimming? And are simple savings accounts with an ATM card at higher risk compared to accounts with no ATM card? Please share, and thank you.
NeverSure Posted June 4, 2014

Good job, Chicog. Thanks.
patyh Posted June 4, 2014

The information by the OP is inaccurate. GameOver Zeus original release date is 2007 not 2014. The FBI has already managed to seize control of the server crucial to the operation of the malware so the risk for GameOver Zeus is extremely low now. Now of course, if you are running any family of the Windows OS, you should at least have an anti-virus installed.
Suradit69 Posted June 4, 2014

David48 said:
Really, really thanks. But can I have the 'Dummies' version please? Dumb it down to me, explain the implications, that which is affected and what to do. Thanks

IMHO said:
Dummies version: If your PC runs Windows, go update your antivirus definitions and run a full system scan. Then do it again tomorrow, and the next day, and the next - JIC
If your PC runs OSX, just keep on waiting with baited breath for Yosemite

"If your PC runs OSX, just keep on waiting with baited breath for Yosemite"

Bated or baited? I had a good kitty once whose breath seemed to have been baited by a tuna.
Joe Mamma Posted June 4, 2014

And in the battle on the street, they use computers and receipts!
MILT Posted June 4, 2014

Mac no attack!
keeniau96 Posted June 4, 2014

Full information here: http://www.majorgeeks.com/news/story/operation_tovar_disrupts_gameover_zeus_botnet_and_cryptolocker.html

Apparently the FBI+helpers cleaned out several rat nests of black-hats so OK for now but the slime will creep back out.
deepcell Posted June 4, 2014

Linux, so many available free of charge. If you want for enterprise take a look at RHEL (Red Hat Enterprise Linux). OpenSuse is a great option for Windows users. Give it a try!
ScotBkk Posted June 4, 2014

David48 said:
Really, really thanks. But can I have the 'Dummies' version please? Dumb it down to me, explain the implications, that which is affected and what to do. Thanks

IMHO said:
Dummies version: If your PC runs Windows, go update your antivirus definitions and run a full system scan. Then do it again tomorrow, and the next day, and the next - JIC
If your PC runs OSX, just keep on waiting with baited breath for Yosemite

Suradit69 said:
"If your PC runs OSX, just keep on waiting with baited breath for Yosemite"
Bated or baited? I had a good kitty once whose breath seemed to have been baited by a tuna.

Same old nitpicking crap by others wanting to undermine members who only want to help!!!! Get a life!!
PadHopper Posted June 4, 2014

This topic headline is counterproductively alarmist. Totally wrong. Mods should mod.
Traveling Sailor Posted June 4, 2014

MILT said:
Mac no attack!

Is this true? I just had a new Windows 8 computer shipped from America. Should I have gone Apple??
slipperylobster Posted June 4, 2014

David48 said:
Really, really thanks. But can I have the 'Dummies' version please? Dumb it down to me, explain the implications, that which is affected and what to do. Thanks

Looks like a cut and paste job from the source....
slipperylobster Posted June 4, 2014

Chicog said:
It's a virus spread by phishing emails and dodgy links, that's installed itself silently on unprotected computers. It's already been used to steal an estimated $100m by siphoning off people's bank details etc. Apparently they have temporary control over it so that it can't do anything, but that expires in two weeks. Because it's now been publicised, they anticipate that as soon as their controls lapse, the criminals that control it will go to work.

It can do two things:
(1) Steal your passwords.
(2) (Possibly) Encrypt your hard disk and ask you for money to decrypt it.

They recommend:
(1) Running one of the scanners listed above.
(2) Applying all Windows patches (i.e. do a Windows Update).
(3) Applying all patches to things like Java, Adobe Reader, etc. (Secunia PSI is good for this).
(4) Making sure you have a decent anti-virus package installed, and that you keep it up to date.
(5) Changing your passwords.

scorecard said:
"It's already been used to steal an estimated $100m by siphoning off people's bank details etc."
Can you please share some further information: Is that meaning cyber based bank accounts (Internet banking), or? In other words, are my simple savings accounts with Thai banks (not connected to internet banking) also at risk of this skimming? And are simple savings accounts with an ATM card at higher risk compared to accounts with no ATM card? Please share, and thank you.

Anyways... normal people back up their data... best done on an external device. You also can back up your OS/partition. If ever you do get a problem, then you are ready. These things go on all the time.
JesseFrank Posted June 4, 2014

deepcell said:
Linux, so many available free of charge. If you want for enterprise take a look at RHEL (Red Hat Enterprise Linux). OpenSuse is a great option for Windows users. Give it a try!

Open source is the cause for most of the virus problem in the PC world. Remember heartbleed. Give it a try
sirchai Posted June 4, 2014

ezzra said:
Lucky me, as every thing I own is under my mattress....

Gsxrnz said:
Which Operating system are you running on your mattress?

You should ask the fleas and other tiny creatures living off his money....
USNret Posted June 4, 2014

MILT said:
Mac no attack!

Traveling Sailor said:
Is this true? I just had a new Windows 8 computer shipped from America. Should I have gone Apple??

Yes
impulse Posted June 4, 2014

MILT said:
Mac no attack!

Traveling Sailor said:
Is this true? I just had a new Windows 8 computer shipped from America. Should I have gone Apple??

USNret said:
Yes

Windows: Tiny chance of losing a lot. Mac: 100% chance of paying too much for your computer and the software it runs. It's probably a wash if you keep your security up to date.

Probably notable that the attack is related to Cryptolocker, which encrypts your hard drive until you send them money for the solution. So it's not just about stealing passwords and bank info.

Edited June 4, 2014 by impulse
sirchai Posted June 4, 2014

David48 said:
Really, really thanks. But can I have the 'Dummies' version please? Dumb it down to me, explain the implications, that which is affected and what to do. Thanks

IMHO said:
Dummies version: If your PC runs Windows, go update your antivirus definitions and run a full system scan. Then do it again tomorrow, and the next day, and the next - JIC
If your PC runs OSX, just keep on waiting with baited breath for Yosemite

Suradit69 said:
"If your PC runs OSX, just keep on waiting with baited breath for Yosemite"
Bated or baited? I had a good kitty once whose breath seemed to have been baited by a tuna.

Please hang in there, will ask an Irish computer specialist this afternoon. He seems to know all about nothing. When he had a computer problem and I was asking him what system he'd run, he said Google.

Another, Scottish Computer Specialist, who'd just started to teach computer in an EP setup, can't even make an online booking for an inland flight from Ubon to Bangkok.

I think it's ground-baited, or bail trapped evidence. Could also be bated Grandma. We listened with bated breath to Grandma's stories of her travels. `All right, Mrs Bates,' she said. `We'll do it your way'. Or is it actually from Norman Bates' hotel?
Luxfare Posted June 4, 2014

Weren't we told planes were going to fall out of the sky and nuclear missiles would self-arm on New Year's Eve 2000? Surely if it's a powerful virus it couldn't be put on hold for a couple of weeks?? It would either be permanently disabled or would be live right now. Seems scare mongering by virus protection companies.
dharmabm Posted June 4, 2014

deepcell said:
Linux, so many available free of charge. If you want for enterprise take a look at RHEL (Red Hat Enterprise Linux). OpenSuse is a great option for Windows users. Give it a try!

JesseFrank said:
Open source is the cause for most of the virus problem in the PC world. Remember heartbleed. Give it a try
IMHO Posted June 4, 2014

impulse said:
Mac: 100% chance of paying too much for your computer and the software it runs.

I appreciate that Macs might be out of many's budget, but they're certainly not overpriced, if you compare apples to apples and understand that quality costs. I have a 130K Baht Sony VAIO-Z I never use at all anymore since work provided me with a 110K Baht Macbook Pro (which runs Windows as well as OSX BTW - it's not about the OS). The Mac is the first computer I've *ever* used that doesn't piss me off. Hard to put a price on that