Surviving Gameover Zeus

You may have seen in the news this week that we have been given a two-week head start on the latest high-profile security threat, a botnet virus named ‘Gameover Zeus’, to protect ourselves before it unleashes its full fury on our unsuspecting computers. This article explains what a botnet virus is, how it works and, most importantly, how to protect yourself before it hits.

Gameover Zeus transaction diagram
Image source – http://www.symantec.com/connect/blogs/international-takedown-wounds-gameover-zeus-cybercrime-network

Gameover Zeus is a variant of the Zeus (or Zbot) family of malware. Its attack is twofold: not only does it steal passwords to banking and other financial websites (giving the criminal gang behind it access to your accounts), it can also distribute another form of malware, ransomware called CryptoLocker, which encrypts all personal files on the infected computer and then displays a warning message demanding payment to clean your computer. Essentially they are holding your data to ransom, hence the name.

Computers can be infected with the virus in either of the following ways:

Spam Email – Look out for e-mails from unknown sources asking you to “click here” to pay an outstanding invoice. There may also be an attachment claiming to be an outstanding invoice or a tracking sheet for a parcel. This is likely to be spam, and by clicking the link or opening the attachment you could automatically infect your computer. As a rule of thumb, it’s good practice never to open an e-mail from an unknown sender and, more importantly, never to click a link in an e-mail that you don’t fully trust. Also be very vigilant when reading e-mails that appear to come from your bank – these are often fake messages that look extremely realistic but will actually steal your passwords and harm your computer. If you need to log in to online banking, go directly to the website yourself; do not click a link contained in an e-mail. If in doubt, call your bank to discuss the contents of the e-mail and verify whether it is genuine.

Drive-by Download – When you visit a website that is unknowingly hosting the malware, it will detect the visit and silently download the virus to your computer. It’s difficult to know whether a website that you’re visiting has been compromised; however, most browsers and search engines will block the connection if they believe that the site is infected.
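The spam e-mail warning signs described above (unknown sender, a “click here” link, an attachment posing as an invoice or parcel tracking sheet) can be checked automatically. The sketch below is an added example, not part of the original article; the known-sender list, the matching patterns and the sample message are all constructed assumptions.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser

# Lure wording comes from the article; the patterns themselves are assumptions.
LURE_WORDS = re.compile(r"invoice|parcel|tracking", re.I)
CLICK_HERE = re.compile(r"click\s+here", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def triage(raw_message, known_senders):
    """Return the warning signs found in one raw e-mail, in message order."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    sender = parseaddr(msg["From"] or "")[1].lower()
    findings = [] if sender in known_senders else ["unknown sender: " + sender]
    for part in msg.walk():
        name = part.get_filename()
        if name and LURE_WORDS.search(name):
            findings.append("invoice/parcel attachment: " + name)
        elif part.get_content_type() == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_content())
            findings += ["'click here' link: " + h for h, t in collector.links if CLICK_HERE.search(t)]
    return findings

def build_sample():
    """Constructed sample message (hypothetical addresses, not a real capture)."""
    m = EmailMessage()
    m["From"] = "Accounts <billing@invoices.example>"
    m["Subject"] = "Outstanding invoice"
    m.set_content("Please pay your outstanding invoice.")
    m.add_alternative('<p><a href="http://pay.example/inv">Click here</a> to pay.</p>', subtype="html")
    m.add_attachment(b"constructed", maintype="application", subtype="octet-stream", filename="Invoice_2231.pdf")
    return m.as_string()
```
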

You can check to see if your computer is infected by running a full scan with your antivirus software (if this is kept up to date then it’s unlikely you will be infected). However, if you notice any of the following then your computer is likely infected and you will need to “clean” it:

  • Sudden and unexpected slowness of the computer
  • Ghost movements such as the cursor moving on its own or text being typed
  • Unable to open files or do anything without a window popping up saying that your computer is infected and you need to pay money to clean it

Below we explain how to protect your computer from this and other threats:

  1. Install anti-virus software and ensure that it’s up to date. Some well-known options are:
    1. Windows Defender – installed by default if you have Windows 8
    2. Microsoft Security Essentials – a free download from Microsoft
    3. AVG – offers both a free download and a full suite of protection tools, which is a premium, chargeable service
  2. Keep your operating system up to date – Set your computer to automatically download and install updates. If you want to check the status of your updates, you can do so in the control panel or the security and privacy section of your computer or device
  3. Use common sense – if something doesn’t look quite right, it probably isn’t. If you don’t trust a link or website, don’t click or visit it. Be on high alert all year round

Gameover Zeus infection rates
Image source – http://www.symantec.com/connect/blogs/international-takedown-wounds-gameover-zeus-cybercrime-network

Though this virus is currently making headlines, it has actually been around since 2011 and most of us have been unaffected in this time. With this in mind, there is no need to panic about this latest headline-grabbing story; instead, use it as a reminder to maintain good security habits at all times.
