GameOver Zeus botnet seized; two-week window to protect yourself, say authorities


Userlevel 7
Badge +54
Summary: There's a two-week window to protect your Windows PCs from a botnet aiming to swipe credentials.
 
U.S. authorities (the Department of Homeland Security, Federal Bureau of Investigation and Department of Justice) say they have disrupted the systems of the GameOver Zeus botnet, which allows cybercrooks to steal banking credentials.
The move by authorities means there's a two-week window for enterprises and consumers to protect themselves before a new wave of botnet activity hits. GameOver Zeus (GOZ) operates on a peer-to-peer network that's decentralized and can take over Windows PCs (Windows 95, 98, Me, 2000, XP, Vista, 7, 8 and Windows Server 2003, 2008, 2008 R2 and 2012).
GOZ typically infects a machine via a phishing attack and other bogus emails.
 
Full Article

28 replies

Userlevel 7
Badge +62
@ , Great to have that security post under my belt! 😉 Another security post from ZDNet!
 
 
Is this mostly Gamers?
Userlevel 7
Badge +54
No @ , it is a strain of malware known as Gameover Zeus used to steal personal and financial data; some strains of it have been known to install Cryptolocker.
Userlevel 7
Badge +54
By Dave Lee Technology reporter, BBC News
 
The US has charged a Russian man with being behind a major cybercrime operation that affected individuals and businesses worldwide.
Evgeniy Bogachev, said to be known as "lucky12345" and "slavik", is accused of being involved in attacks on more than a million computers.
The charges came as authorities seized control of a botnet used to steal personal and financial data.
Computer users were urged to run checks to protect themselves from the threat.
Full Article
 
Userlevel 7
Badge +62
Well, it's a good thing to put a face to the Russian that has hurt millions of computers, and the only way to be safe is to stay offline considering the ISPs are affected...Really?
Userlevel 7
Badge +54
This is by no means the first time the Zeus botnet has been closed down since it was first identified in 2007; it is very difficult to detect and take down for good. The Gameover version is slightly different in that, although it is based on the Zeus code, it is controlled by a group of hackers based in Ukraine and Russia and used basically as a means to siphon money from accounts and businesses.
This article was published just before the news was released of the takedown of the botnet but it contains some very valuable information.
 
"It will be interesting to hear how the authorities and security researchers involved in this effort managed to gain control over the Gameover botnet, which uses an advanced peer-to-peer (P2P) mechanism to control and update the bot-infected systems.
 
The addition of the P2P component in Gameover is an innovation designed to make it much more difficult for security experts, law enforcement or other Internet do-gooders to dismantle the botnet. In March 2012, Microsoft used a combination of legal maneuvering and surprise to take down dozens of botnets powered by ZeuS (and its code-cousin, SpyEye), by seizing control over the domain names that the bad guys used to control the individual ZeuS botnets.
But Gameover would be far trickier to disrupt or wrest from its creators: It uses a tiered, decentralized system of intermediary proxies and strong encryption to hide the location of servers that the botnet masters use to control the crime machine."
 
The infection and peer-to-peer (P2P) communication mechanism of Gameover ZeuS. Image: Abuse.ch
 
Full Article
Userlevel 7
Badge +62
@ thank you for clarification! 🙂
Userlevel 7
Jasper, a HUGE Thank You for the heads-up.  I've been off-line most of the day and this is the first I'm hearing of this.  Again, thank you.  Now I need to batten down the hatches on the office PCs and servers.  Oh thrill, Oh joy...:@
Userlevel 7
Badge +54
You're welcome, Jeff. I am just glad to be of some help.
Userlevel 7
Well, at least she who has the most toys @ doesn't have to worry about her Mac and iPad on this one. 😃
Userlevel 7
Badge +54
That is very true Jeff.
Userlevel 7
Badge +62
Well I've got 4 PCs by the way ...more toys...
Userlevel 7
Hi Jeff
 
I would have thought that you would be well enough protected with WSA installed. From what I have heard, it seems to be the minimally or not-at-all protected who are suffering (some 15,000 PCs in the UK according to the national news tonight).
 
Regards
 
 
Baldrick
Userlevel 7
Thanks Baldrick. You're probably right and I may be over-reacting, but I inherited a bit of a mess at the office. There never really was a strong IT presence, so everyone sort of "did their own thing" with respect to AV. Some folks did not and just merrily clicked away on any link or pop-up that was in front of them. One of the 3 remaining XP machines had 1,197 PUPs, PUAs and/or some other form of malware / virus. I'm still in shock that it actually booted up. I'll see how things go tomorrow.
Userlevel 7
Badge +56
Some more coverage with a Webroot response here:
http://www.globalsecuritymag.com/Comment-on-GameOver-Zeus-malware,20140603,45423.html
Userlevel 7
@ wrote:
Thanks Baldrick. You're probably right and I may be over-reacting, but I inherited a bit of a mess at the office. There never really was a strong IT presence, so everyone sort of "did their own thing" with respect to AV. Some folks did not and just merrily clicked away on any link or pop-up that was in front of them. One of the 3 remaining XP machines had 1,197 PUPs, PUAs and/or some other form of malware / virus. I'm still in shock that it actually booted up. I'll see how things go tomorrow.
Whoa, Jeff...you are just in shock at that. Kudos to you for just being in shock...I suspect that some might well have had a cardiac arrest given that state of affairs.
 
Hopefully you will soon get them all on the straight and narrow...with WSA's help, of course...;)
 
Regards
 
 
Baldrick
Hello, I have no virus expertise and tend to get hammered by bad ones all of the time. I have seen the news about GameOver and I have Webroot Secure Server installed and wonder if there is anything I need to do specifically? I haven't found any instructions for testing or running a specific fix and would appreciate any input!
 
Thanks in advance
 
Userlevel 7
Hi zionstrat
 
Welcome to the Community Forums.
 
I am not familiar with Webroot Secure Server. Are you a business user? If so, then you most probably need to be posting over here.
 
And if not then which of the WSA products are you running?  Let us know and we will try to help.
 
Regards
 
 
Baldrick
Thanks for the response-
 
The product is Webroot SecureAnywhere Internet Security Plus 8.0.4.7. BestBuy installed it on my PC after the last attack.
 
If this isn't the right forum, I'm hoping you might be able to point me in the right direction-
 
Thanks!
ZS
Userlevel 7
Badge +62
😃 Yes, welcome zionstrat: https://community.webroot.com/t5/Webroot-SecureAnywhere-Internet/bd-p/WSA-E
Here ya go! :D
 
 
Also, are you around @ ? He's good with the BestBuy Help version.
Userlevel 7
To answer your question: no, you don't have to do anything, Webroot will look after you automatically. There are no patches or system modifications required for this infection.
Great news. Thanks so much! ZS
Userlevel 7
Hi @ ! The Best Buy version is essentially identical to WSA Internet Security Plus. The main difference is simply that instead of the System Analyzer it has the System Optimizer.
 
WSA does cover Gameover; all that is needed is to make sure WSA is up to date. The Best Buy version has protection equal to all other WSA versions.
Userlevel 7
Badge +62
Great clarification...appreciate the comeback...;)
Userlevel 7
Hi zionstrat
 
No problem...glad you have received the answer you were looking for...I would have advised the same, but your reference to Webroot Secure Server in your original post confused me as I had not heard of that version....and so I was overly cautious, so as not to risk misinforming you as a result. ;)
 
Regards
 
 
Baldrick
I'm amazed at the speed and detail of this forum. Thanks for the reassurance, much appreciated!
ZS