Jump to content
All visa questions and fresh Immigration updates here ×

You have two weeks to clean up your computer...... or else.

Chicog

By Chicog
in IT and Computers

 Share

Recommended Posts

  • Popular Post
Chicog Star Member

Chicog

Posted
  • Popular Post
Posted

Someone's going to do it sooner or later, now it's hit the MSM.

They have apparently got a two-week block on this after which there may be a desperate attempt to steal financial data and encrypt your hard disks.

So fill your boots:

Alert (TA14-150A) GameOver Zeus P2P Malware Original release date: June 02, 2014
Systems Affected
  • Microsoft Windows 95, 98, Me, 2000, XP, Vista, 7, and 8
  • Microsoft Server 2003, Server 2008, Server 2008 R2, and Server 2012
Overview

GameOver Zeus (GOZ), a peer-to-peer (P2P) variant of the Zeus family of bank credential-stealing malware identified in September 2011, [1] uses a decentralized network infrastructure of compromised personal computers and web servers to execute command-and-control. The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ), is releasing this Technical Alert to provide further information about the GameOver Zeus botnet.

Description

GOZ, which is often propagated through spam and phishing messages, is primarily used by cybercriminals to harvest banking information, such as login credentials, from a victim’s computer. [2] Infected systems can also be used to engage in other malicious activities, such as sending spam or participating in distributed denial-of-service (DDoS) attacks.

Prior variants of the Zeus malware utilized a centralized command and control (C2) botnet infrastructure to execute commands. Centralized C2 servers are routinely tracked and blocked by the security community. [1] GOZ, however, utilizes a P2P network of infected hosts to communicate and distribute data, and employs encryption to evade detection. These peers act as a massive proxy network that is used to propagate binary updates, distribute configuration files, and to send stolen data. [3] Without a single point of failure, the resiliency of GOZ’s P2P infrastructure makes takedown efforts more difficult. [1]

Impact

A system infected with GOZ may be employed to send spam, participate in DDoS attacks, and harvest users' credentials for online services, including banking services.

Solution

Users are recommended to take the following actions to remediate GOZ infections:

  • Use and maintain anti-virus software - Anti-virus software recognizes and protects your computer against most known viruses. It is important to keep your anti-virus software up-to-date (see Understanding Anti-Virus Software for more information).
  • Change your passwords - Your original passwords may have been compromised during the infection, so you should change them (see Choosing and Protecting Passwords for more information).
  • Keep your operating system and application software up-to-date - Install software patches so that attackers can't take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it (see Understanding Patches for more information).
  • Use anti-malware tools - Using a legitimate program that identifies and removes malware can help eliminate an infection. Users can consider employing a remediation tool (examples below) that will help with the removal of GOZ from your system.
F-Secure

http://www.f-secure.com/en/web/home_global/online-scanner (Windows Vista, 7 and 8)

http://www.f-secure.com/en/web/labs_global/removal-tools/-/carousel/view/142 (Windows XP)

Heimdal

http://goz.heimdalsecurity.com/ (Microsoft Windows XP, Vista, 7, 8 and 8.1)

Microsoft

http://www.microsoft.com/security/scanner/en-us/default.aspx (Windows 8.1, Windows 8, Windows 7, Windows Vista, and Windows XP)

Sophos

http://www.sophos.com/VirusRemoval (Windows XP (SP2) and above)

Symantec

http://www.symantec.com/connect/blogs/international-takedown-wounds-gameover-zeus-cybercrime-network (Windows XP, Windows Vista and Windows 7)

Trend Micro

http://www.trendmicro.com/threatdetector (Windows XP, Windows Vista, Windows 7, Windows 8/8.1, Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2)

The above are examples only and do not constitute an exhaustive list. The U.S. Government does not endorse or support any particular product or vendor.

  • Like 5
Link to comment
Share on other sites
  • Replies 89
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

  • Popular Post
Chicog Star Member

Chicog

Posted
  • Author
  • Popular Post
Posted (edited)

It's a virus spread by phishing emails and dodgy links, that's installed itself silently on unprotected computers.

It's already been used to steal an estimated $100m by siphoning off peoples' bank details etc.

Apparently they have temporary control over it so that it can't do anything, but that expires in two weeks.

Because it's now been publicised, they anticipate that as soon as their controls lapse, the criminals that control it will go to work. It can do two things:

(1) Steal your passwords.

(2) (Possibly) Encrypt your hard disk and ask you for money to decrypt it.

They recommend:

(1) Running one of the scanners listed above.

(2) Applying all Windows patches (i.e. do a Windows Update).

(3) Applying all patches to things like Java, Adobe Reader, etc, (Secunia PSI is good for this).

(4) Making sure you have a decent anti-virus package installed, and that you keep it up to date.

(5) Changing your passwords.

Edited by Chicog
  • Like 7
Link to comment
Share on other sites
IMHO Platinum Member

IMHO

Posted
Posted

Really, really thanks.

But can I have the 'Dummies' version please?

Dumb it down to me, explain the implications, that which is affected and what to do.

Thanks

Dummies version:

If your PC runs Windows, go update your antivirus definitions and run a full system scan. Then do it again tomorrow, and the next day, and the next - JIC

If your PC runs OSX, just keep on waiting with baited breath for Yosemite :P

Link to comment
Share on other sites
scorecard Star Member

scorecard

Posted
Posted

<script type='text/javascript'>window.mod_pagespeed_start = Number(new Date());</script>

It's a virus spread by phishing emails and dodgy links, that's installed itself silently on unprotected computers.

It's already been used to steal an estimated $100m by siphoning off peoples' bank details etc.

Apparently they have temporary control over it so that it can't do anything, but that expires in two weeks.

Because it's now been publicised, they anticipate that as soon as their controls lapse, the criminals that control it will go to work. It can do two things:

(1) Steal your passwords.

(2) (Possibly) Encrypt your hard disk and ask you for money to decrypt it.

They recommend:

(1) Running one of the scanners listed above.

(2) Applying all Windows patches (i.e. do a Windows Update).

(3) Applying all patches to things like Java, Adobe Reader, etc, (Secunia PSI is good for this).

(4) Making sure you have a decent anti-virus package installed, and that you keep it up to date.

(5) Changing your passwords.

"It's already been used to steal an estimated $100m by siphoning off peoples' bank details etc."

Can you please share some further information:

Is that meaning cyber based bank accounts (Internet banking), or?

In other words are my simple savings accounts, with Thai banks (not connected to internet banking) also at risk of this skimming?

And, are simple savings account with an ATM card at higher risk compared to accounts with no ATM card?

Please share, and thank you.

Link to comment
Share on other sites
patyh Explorer Member

patyh

Posted
Posted

The information by the OP is in-accurate.

GameOver Zeus original release date is 2007 not 2014.

The FBI has already managed to seize control of the server crucial to the operation of the malware so the risk for GameOver Zeus is extremely low now.

Now of course, if you are running any family of the Windows OS, you should at least have an anti-virus installed..

  • Like 2
Link to comment
Share on other sites
  • Popular Post
Suradit69 Diamond Member

Suradit69

Posted
  • Popular Post
Posted

Really, really thanks.

But can I have the 'Dummies' version please?

Dumb it down to me, explain the implications, that which is affected and what to do.

Thanks

Dummies version:

If your PC runs Windows, go update your antivirus definitions and run a full system scan. Then do it again tomorrow, and the next day, and the next - JIC

If your PC runs OSX, just keep on waiting with baited breath for Yosemite tongue.png

"If your PC runs OSX, just keep on waiting with baited breath for Yosemite"

Bated or baited?

I had a good kitty once whose breath seemed to have been baited by a tuna.

  • Like 3
Link to comment
Share on other sites
ScotBkk Silver Member

ScotBkk

Posted
Posted

Really, really thanks.

But can I have the 'Dummies' version please?

Dumb it down to me, explain the implications, that which is affected and what to do.

Thanks

Dummies version:

If your PC runs Windows, go update your antivirus definitions and run a full system scan. Then do it again tomorrow, and the next day, and the next - JIC

If your PC runs OSX, just keep on waiting with baited breath for Yosemite tongue.png

"If your PC runs OSX, just keep on waiting with baited breath for Yosemite"

Bated or baited?

I had a good kitty once whose breath seemed to have been baited by a tuna.

Same old nitpicking crap by others wanting to undermine members who only want to help !!!! Get a life !!

  • Like 2
Link to comment
Share on other sites
slipperylobster Ruby Member

slipperylobster

Posted
Posted

<script type='text/javascript'>window.mod_pagespeed_start = Number(new Date());</script>

It's a virus spread by phishing emails and dodgy links, that's installed itself silently on unprotected computers.

It's already been used to steal an estimated $100m by siphoning off peoples' bank details etc.

Apparently they have temporary control over it so that it can't do anything, but that expires in two weeks.

Because it's now been publicised, they anticipate that as soon as their controls lapse, the criminals that control it will go to work. It can do two things:

(1) Steal your passwords.

(2) (Possibly) Encrypt your hard disk and ask you for money to decrypt it.

They recommend:

(1) Running one of the scanners listed above.

(2) Applying all Windows patches (i.e. do a Windows Update).

(3) Applying all patches to things like Java, Adobe Reader, etc, (Secunia PSI is good for this).

(4) Making sure you have a decent anti-virus package installed, and that you keep it up to date.

(5) Changing your passwords.

"It's already been used to steal an estimated $100m by siphoning off peoples' bank details etc."

Can you please share some further information:

Is that meaning cyber based bank accounts (Internet banking), or?

In other words are my simple savings accounts, with Thai banks (not connected to internet banking) also at risk of this skimming?

And, are simple savings account with an ATM card at higher risk compared to accounts with no ATM card?

Please share, and thank you.

anyways...normal people back up their data.....best done on an external device.

you also can backup your os/partition.

if ever you do get a problem, then you are ready.

These things go on all the time.

Link to comment
Share on other sites
JesseFrank Platinum Member

JesseFrank

Posted
Posted

Linux, so many avaialable free of charge. If you want for enterprise take a look at RHEL (Red Hat Enterprise Linux). OpenSuse is a great option for windows users. Give a try! thumbsup.gif

Open source is the cause for most of the virus problem in the PC world. Remember heartbleed.

Give it a try laugh.png

Link to comment
Share on other sites
sirchai Ruby Member

sirchai

Posted
Posted

Lucky me, as every thing I own is under my mattress....

Which Operating system are you running on your mattress?

You should ask the flees and other tiny creatures living of his money....

Link to comment
Share on other sites
impulse Star Member

impulse

Posted
Posted (edited)

Mac no attack!

Is this true? I just had a new, Windows 8 computer shipped from America. Should I have gone Apple??whistling.gifbah.gif

Yes

Windows: Tiny chance of losing a lot.

Mac: 100% chance of paying too much for your computer and the software it runs.

It's probably a wash if you keep your security up to date.

Probably notable that the attack is related to Cryptolocker, which encrypts your hard drive until you send them money for the solution. So it's not just about stealing passwords and bank info.

Edited by impulse
Link to comment
Share on other sites
sirchai Ruby Member

sirchai

Posted
Posted

Really, really thanks.

But can I have the 'Dummies' version please?

Dumb it down to me, explain the implications, that which is affected and what to do.

Thanks

Dummies version:

If your PC runs Windows, go update your antivirus definitions and run a full system scan. Then do it again tomorrow, and the next day, and the next - JIC

If your PC runs OSX, just keep on waiting with baited breath for Yosemite tongue.png

"If your PC runs OSX, just keep on waiting with baited breath for Yosemite"

Bated or baited?

I had a good kitty once whose breath seemed to have been baited by a tuna.

Please hang in there, will ask an Irish computer specialist this afternoon. He seems to know all about nothing. When he had a computer problem and I was asking him what system he'd run, he said Google.]

Another, Scottish Computer Specialist, who'd just started to teach computer in an EP setup, can't even make an online booking for an inland flight from Ubon to Bangkok.\

I think it's ground-baited, or bail trapped evidence. Could also be bated Grandma.

We listened with bated breath to Grandma's stories of her travels.

way

`All right, Mrs Bates,' she said. `We'll do it your way'. Or is it actually from Norman Bate's hotel?

Link to comment
Share on other sites
Luxfare Advanced Member

Luxfare

Posted
Posted

Weren't we told planes were going to fall out of the sky and nuclear missiles would self arm on New years eve 2000? Surely if it's a powerful virus it couldn't be put on hold for a couple of weeks?? It would either be permanently disabled or would be live right now. Seems scare mongering by virus protection companies.

  • Like 1
Link to comment
Share on other sites
dharmabm Silver Member

dharmabm

Posted
Posted

Linux, so many avaialable free of charge. If you want for enterprise take a look at RHEL (Red Hat Enterprise Linux). OpenSuse is a great option for windows users. Give a try! thumbsup.gif

Open source is the cause for most of the virus problem in the PC world. Remember heartbleed.

Give it a try laugh.png

cheesy.gifcheesy.gifcheesy.gifcheesy.gifcheesy.gifcheesy.gif

Link to comment
Share on other sites
IMHO Platinum Member

IMHO

Posted
Posted

Mac: 100% chance of paying too much for your computer and the software it runs.

I appreciate that Mac's might be out of many's budget, but they're certainly not overpriced, if you compare apples to apples and understand that quality costs.

I have 130K Baht Sony VAIO-Z I never use at all anymore since work provided me with a 110K Baht Macbook Pro (which runs Windows as well as OSX BTW - it's not about the OS).

The Mac is the first computer I've *ever* used that doesn't piss me off. Hard to put a price on that ;)

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.







×
×
  • Create New...