Topic: GameOver Zeus / Cryptolocker

Maik
GameOver Zeus / Cryptolocker
« on: Tuesday, 03 June, 2014 @ 01:04:11 »
GameOver Zeus: Computer users given two-week warning over virus threat

Thousands of computer users in Britain were warned today that they have two weeks to take action to protect their machines against a powerful computer virus used to extort millions of pounds from victims worldwide.

The National Crime Agency said the two-week window had been opened after an operation led by the FBI managed to take control of servers used to control the “highly sophisticated” malicious software which has been stealing personal and financial data worldwide.

More than 15,000 machines in the United Kingdom are believed to have been infected with the virus, known as GameOver Zeus, which has been tailored by a criminal gang based in Russia and the Ukraine to search for files that will allow access to banking or financial information. The FBI believes that GameOver Zeus has been responsible for $100m (£60m) in losses.

The virus also distributes another particularly aggressive “malware” programme, called CryptoLocker, which encrypts all files on a target’s computer, including personal photographs, and then demands a “ransom” of about £300 within a specified time limit to unlock the file.

Quite why users only have a fortnight to resolve security issues with their PCs isn’t unfortunately made clear in the press release, which lessens the impact of the message somewhat.

GOZeuS and CryptoLocker

Users are typically infected by clicking on attachments or links in emails which may look like they have been sent by genuine contacts and may purport to carry invoices, voicemail messages, or any file made to look innocuous. These emails are generated by other victims’ computers, who do not realise they are infected, and are used to send mass emails creating more victims.

If the file or link is clicked on an unprotected computer, GOZeuS is downloaded and installed and it will then link the victim’s computer to a network of already-infected machines, known as a BotNet.

The malware waits silently, monitoring the user’s activity until the opportunity arises to capture banking or other private information, which is then transmitted back to the criminals via the BotNet infrastructure.

Where a computer infected with GOZeuS turns out not to offer a significant financial reward, it can ‘call in’ CryptoLocker, to give the criminal controllers a second opportunity to acquire funds from the victim.

CryptoLocker works unseen in the background, encrypting the user’s files. Once that process is complete, the victim is presented with a pop-up telling them what has happened and a timer appears on their screen, which starts counting down. That is the time the victim has in order to pay a ‘discounted’ ransom, currently one Bitcoin (£200-£300 approximately) for UK users.

Maik
Re: GameOver Zeus / Cryptolocker
« Reply #1 on: Tuesday, 03 June, 2014 @ 08:10:03 »
Information, advice and links to removal tools: