Summary: There's a two-week window to protect your Windows PCs from a botnet aiming to swipe credentials.
U.S. authorities (the Department of Homeland Security, Federal Bureau of Investigation and Department of Justice) say they have disrupted the systems of the GameOver Zeus botnet, which allows cybercrooks to steal banking credentials.
The move by authorities means there's a two-week window for enterprises and consumers to protect themselves before a wave of botnets is about to hit. GameOver Zeus (GOZ) operates on a peer-to-peer network that's decentralized and can take over Windows PCs (Windows 95, 98, Me, 2000, XP, Vista, 7, 8 and Windows Server 2003, 2008, 2008 R2 and 2012).
GOZ typically infects a machine via a phishing attack and other bogus emails.
Is this mostly Gamers?
No, it is a strain of malware known as Gameover Zeus used to steal personal and financial data; some strains of it have been known to install Cryptolocker.
By Dave Lee Technology reporter, BBC News
The US has charged a Russian man with being behind a major cybercrime operation that affected individuals and businesses worldwide.
Evgeniy Bogachev, said to be known as "lucky12345" and "slavik", is accused of being involved in attacks on more than a million computers.
The charges came as authorities seized control of a botnet used to steal personal and financial data.
Computer users were urged to run checks to protect themselves from the threat.
Well it's a good thing to put a face to the Russian that has hurt millions of computers and the only way to be safe is to stay offline considering the ISPs are affected...Really?
This is by no means the first time the Zeus Botnet has been closed down since it was first identified in 2007 and is very difficult to detect and take down for good. The Gameover version is slightly different in that although it is based on the Zeus code it is controlled by a group of hackers based in the Ukraine and Russia and used as basically a means to siphon money from accounts and businesses.
This article was published just before the news was released of the takedown of the botnet but it contains some very valuable information.
"It will be interesting to hear how the authorities and security researchers involved in this effort managed to gain control over the Gameover botnet, which uses an advanced peer-to-peer (P2P) mechanism to control and update the bot-infected systems.
The addition of the P2P component in Gameover is innovation designed to make it much more difficult for security experts, law enforcement or other Internet do-gooders to dismantle the botnet. In March 2012, Microsoft used a combination of legal maneuvering and surprise to take down dozens of botnets powered by ZeuS (and its code-cousin — SpyEye), by seizing control over the domain names that the bad guys used to control the individual ZeuS botnets.
But Gameover would be far trickier to disrupt or wrest from its creators: It uses a tiered, decentralized system of intermediary proxies and strong encryption to hide the location of servers that the botnet masters use to control the crime machine."
The infection and peer-to-peer (P2P) communication mechanism of Gameover ZeuS. Image: Abuse.ch
Jasper, a HUGE Thank You for the heads-up. I've been off-line most of the day and this is the first I'm hearing of this. Again, thank you. Now I need to batten down the hatches on the office PCs and servers. Oh thrill, Oh joy...:@
Well, at least she who has the most toys doesn't have to worry about her Mac and iPad on this one. 😃
Hi Jeff
I would have thought that you would be well enough protected with WSA installed. From what I have heard it seems to be the minimally or not protected at all who are suffering (some 15000 PCs in the UK according to the national news tonight).
Regards
Baldrick
Thanks Baldrick. You're probably right and I may be over-reacting, but I inherited a bit of a mess at the office. There never really was a strong IT presence, so, everyone sort of "did their own thing" with respect to AV. Some folks did not and just merrily clicked away on any link or pop-up that was in front of them. One of the 3 remaining XP machines had 1,197 PUPs, PUAs and/or some other form of malware / virus. I'm still in shock that it actually booted up. I'll see how things go tomorrow.
Some more coverage with a Webroot response here:
http://www.globalsecuritymag.com/Comment-on-GameOver-Zeus-malware,20140603,45423.html
Woah, Jeff...you are just in shock at that. Kudos to you for just being in shock...I suspect that some might well have had a cardiac arrest given that state of affairs.
Hopefully you will soon get them all on the straight and narrow...with WSA's help, of course...;)
Regards
Baldrick
Hello, I have no virus expertise and tend to get hammered by bad ones all of the time. I have seen the news about GameOver and I have Webroot secure server installed and wonder if there is anything I need to do specifically? I haven't found any instructions for testing or running a specific fix and would appreciate any input!
Thanks in advance
Hi zionstrat
Welcome to the Community Forums.
I am not familiar with Webroot Secure Server? Are you a business user? If so then you most probably need to be posting over here.
And if not then which of the WSA products are you running? Let us know and we will try to help.
Regards
Baldrick
Thanks for the response-
The product is Webroot secure anywhere, Internet Security Plus 8.0.4.7- BestBuy installed it on my PC after the last attack-
If this isn't the right forum, I'm hoping you might be able to point me in the right direction-
Thanks!
ZS
😃 Yes Welcome zionstrat..https://community.webroot.com/t5/Webroot-SecureAnywhere-Internet/bd-p/WSA-E
Here ya go!:D
Also are you around @ for he's good with the BestBuy Help version.
To answer your question, no, you don't have to do anything, Webroot will look after you automatically. There are no patches or system modifications required for this infection.
Great news- Thanks so much! ZS
Hi! The Best Buy version is essentially identical to WSA-Internet Security Plus. The main difference is simply that instead of the system analyzer it has the System Optimizer instead.
Was WSA does cover Gameover, all that is needed is to make sure WSA is up to date. The Best Buy version has protection equal to all other WSA versions.
Hi zionstrat
No problem...glad you have received the answer you were looking for...I would have advised the same but your reference to Webroot Secure Server in your original post confused me as I had not heard of that version....and so I was overly cautious...so as to not risk misinforming you as a result. ;)
Regards
Baldrick
I'm amazed at the speed and detail of this forum- Thanks for the reassurance and much appreciated!
ZS