Gameover Zeus botnet ‘taken down’ – so what now?

News Tips

In the wake of the exposure and takedown of what the FBI are calling ‘the most sophisticated and damaging botnet we have ever encountered’, Senior Security Researcher David Emm explains exactly what GameOver Zeus means for you, and how you can keep yourself protected.

zeus

 

What is it exactly? How does it work?

The cybercriminals behind this week’s Gameover Zeus attack are using two malicious programs – ZeuS and Cryptolocker. ZeuS consists of a Trojan that searches your computer for personal information such as passwords and financial data. These are downloaded to a victim’s Windows PC by clicking on an attachment. The infected machine then begins to send spam emails to lure in further victims, spreading quickly across the internet.

These types of threats are not uncommon – in our virus lab we see 315,000 unique samples every day – including banking Trojans, ransomware and many other types of malware. In the case of a common banking Trojan like ZeuS, there are literally hundreds of thousands of variants. One reason why so many variants are created is to allow cybercriminals to try to keep control of computers that they have compromised for as long as possible.

Why are people being told they have ‘two weeks’ to protect themselves?

What makes this case different is that the police have managed to take over the Command and Control (C&C) server that controls the botnet and temporarily disable it. In doing so, they have the chance to warn people and give them breathing room in which to protect their systems, before the cybercriminals are able to start using new C&C servers – estimated to be in around two weeks’ time in the UK.

You must ensure that you back up your data regularly. This is particularly important in the case of ransomware. If you have a backup, even if you just manually drag-and-drop your files onto a USB drive, then you can avoid the need to pay the ransom if you do get infected with CryptoLocker.

What should I do now?

People should not only protect their computers, but also ensure they back up their data regularly. This is particularly important in the case of ransomware. If you have a backup, even if you just manually drag-and-drop your files onto a USB drive, then you can avoid the need to pay the ransom if you do get infected with Cryptolocker.

To keep your financial information safe (from Zeus, and from other malware designed to steal your money), just follow these simple rules:

  • Don’t click on links you receive from unknown senders (by emails or in social media networks)
  • Don’t download, open and keep unknown files on your device
  • Don’t use open unsecured (public) Wi-Fi networks for any transactions. Use openVPN traffic encryption
  • Always double-check the webpage before entering any of your credentials or confidential information – phishing sites are deliberately designed to look authentic.
  • Work only with websites with the ‘https’ prefix; they are more secure than those with ‘http’
  • Make sure you have up-to-date anti-malware protection installed
  • If you don’t currently have any Security Software installed you can download it from our online store
  • Don’t forget to use the same protection when using your mobile/tablet device for any transactions