Tuesday 3 June 2014

"Gameover Zeus" Botnet Disruption...

It has just come to light in the news that a major malware threat has been temporarily neutralised by a collaboration of public and private organisations around the world.  Current reports suggest that over 15,000 computers in the UK are infected.

How does this affect you and your computer?

The malicious software (malware) gets onto a computer either through a phishing email or by being downloaded from the internet in some fashion.  Once installed, it connects out to a Command and Control (C&C) server, which can send commands to the infected computer and take control of it.  All the infected computers reporting back to that server form a botnet (robot network), which means your computer is being controlled as one small part of a much bigger network.

What was the threat of this current malware called "Gameover Zeus"? 

The Gameover Zeus malware looks for financial information on the infected computer, such as online banking logins and credit card details, typically capturing them as they are typed into the browser.  The stolen details are gathered into a file on your computer, and when the Command and Control server next contacts the infected machine, that file is sent on to a server on the internet under the criminals' control.

I'm safe if I don't have financial information on my computer, right?

Well, no.  There is a twist: if no financial information was found on the computer, it would install a second piece of malware called Cryptolocker.

This malware encrypts the user's files (documents, photos, spreadsheets and so on) so that they can no longer be opened.  This effectively holds the user to ransom: without the key, which only the criminals hold, the files cannot be decrypted even by a highly skilled technical person, so, unless there is a backup to restore from, the only option left is to pay the fee, typically £200-300.

This is rather like an uninvited person coming to your house while you are out, changing the locks and adding extra security, then making you pay before you can get back into your own home.

If the user is fortunate, the files will be decrypted after payment.  If the user is unlucky, the ransom is paid but they are still stuck with an encrypted computer.

What have these organisations done to disrupt this malware?

These organisations have worked together to seize the Command and Control servers.  With the criminals unable to reach those servers, the financial information cannot be harvested and the deployment of the Cryptolocker malware is prevented.

The link between the infected computers and the Command and Control Server has been severed.

So I'm safe from the Gameover Zeus malware?

Again, no.  The infected computers can no longer be controlled from the servers the organisations have seized, but this is only a temporary setback for the criminals, who will be able to deploy new Command and Control servers.  As soon as those are online, they will be able to communicate with the still-infected computers and carry on where the old servers left off.  The malware itself is still on the computer; only its link to its operators has been cut.

Is my computer infected?

Update your anti-virus software and run a full scan to check.

What if I don't have anti-virus software installed?

Really?!  If there isn't anti-virus software installed, have a look here for some free scanning solutions.

What else can/should I do?

The usual advice applies:

  • Keep the operating system on the computer up to date
  • Keep the security software on the computer up to date
  • Do not open emails from unknown sources and/or people
  • Don't click on links (in emails or on the internet) if there is any uncertainty
  • Back up important files such as photos and documents, either into cloud storage or removable media
  • Try not to save passwords in the browser
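
The backup advice deserves one caveat that matters specifically against Cryptolocker: a backup that simply mirrors your folders (the way many "sync" tools behave) will copy the encrypted files over your good ones at its next run, leaving nothing to restore. What you want is snapshots that are never overwritten. The script below is an added example written for this page, not code from the original post or from any of the organisations mentioned. It makes a fresh dated snapshot on each run, writes a SHA-256 manifest so a snapshot can be checked later, and contrasts that with a one-way mirror using a small constructed scenario in a temporary directory; the folder names, sample files and the "simulated ransomware" step are all made up for the demonstration.

```python
"""Snapshot backups versus a one-way mirror, as a defence against file-encrypting
malware such as Cryptolocker. Added example; paths and sample files are constructed."""
import hashlib
import os
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large photos/videos don't have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(source: Path, backup_root: Path, label: str = "") -> Path:
    """Copy every file under `source` into a NEW directory under `backup_root`
    and write a manifest of SHA-256 hashes next to it. An existing snapshot is
    never overwritten, so an encrypted file can't replace the last good copy."""
    label = label or datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    dest = backup_root / label
    if dest.exists():
        raise FileExistsError(f"snapshot {dest} already exists; refusing to overwrite")
    dest.mkdir(parents=True)
    manifest = []
    for path in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = path.relative_to(source)
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)
        manifest.append(f"{sha256_of(target)}  {rel.as_posix()}")
    (backup_root / f"{label}.sha256").write_text("\n".join(manifest) + "\n")
    return dest


def verify(backup_root: Path, label: str) -> list:
    """Re-hash a snapshot against its manifest; returns the paths that don't match."""
    dest = backup_root / label
    mismatches = []
    for line in (backup_root / f"{label}.sha256").read_text().splitlines():
        digest, rel = line.split("  ", 1)
        if not (dest / rel).is_file() or sha256_of(dest / rel) != digest:
            mismatches.append(rel)
    return mismatches


def mirror(source: Path, dest: Path) -> None:
    """One-way mirror, the way many simple 'sync' tools behave: the destination is
    made identical to the source, so whatever is in the source now (including
    encrypted junk) replaces the previous copies."""
    if dest.exists():
        shutil.rmtree(dest)
    shutil.copytree(source, dest)


def demo() -> dict:
    """Constructed scenario: back up, simulate files being encrypted, back up again,
    and report which copies survive."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        docs, backups, mirrored = root / "Documents", root / "Backups", root / "Mirror"
        (docs / "photos").mkdir(parents=True)
        (docs / "letter.txt").write_text("Dear bank, please keep my money safe.\n")
        (docs / "photos" / "holiday.jpg").write_bytes(b"\xff\xd8\xff\xe0 not a real JPEG")

        day1 = snapshot(docs, backups, "day1")
        mirror(docs, mirrored)

        # Simulated ransomware: originals are overwritten with random bytes and renamed.
        for path in [p for p in docs.rglob("*") if p.is_file()]:
            path.write_bytes(os.urandom(64))
            path.rename(path.with_name(path.name + ".encrypted"))

        day2 = snapshot(docs, backups, "day2")   # the scheduled backup still runs...
        mirror(docs, mirrored)                   # ...and so does the mirror.

        return {
            "day1_intact": verify(backups, "day1") == [],
            "day1_letter": (day1 / "letter.txt").read_text(),
            "day2_files": sorted(p.name for p in day2.rglob("*") if p.is_file()),
            "mirror_has_letter": (mirrored / "letter.txt").exists(),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running it shows the day-1 snapshot still verifying against its manifest and still holding the original letter, the day-2 snapshot containing only the ".encrypted" junk, and the mirror having lost the original altogether. The same principle applies to whatever tool you actually use: keep more than one generation of backup, keep at least one of them somewhere the computer cannot write to between backups (removable media that is unplugged afterwards, or cloud storage with version history), and check occasionally that a restore actually works.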

More and more threats seem to make the news, but that is not a bad thing.  Treat these news articles as a reminder that security awareness needs to be maintained.  And in the words of Hill Street Blues (if you're old enough to remember), "Let's be careful out there".
