Windows PC Security Threat - Gameover Zeus & CryptoLocker

[kinboshi]

If you've had your head buried in the sand, you might not be aware of this current attack/impending threat:

https://www.getsafeonline.org/nca/

This page has been created to help you protect your computer, your finances, your identity and your family against a new global online threat. The threat is targeted at random private individuals and small businesses, so it is critical that you read this page and apply our advice immediately if you have a computer running any version of the Windows operating system – including Windows running as a virtual machine on an Apple Mac, any server running Windows and Windows embedded. This is not a case of isolated attacks, as over 15,000 computers in the UK alone are thought to have been already affected.

This warning is not intended to cause you panic but we cannot over-stress the importance of taking these steps immediately. This is because the UK’s National Crime Agency (NCA) has taken temporary control of the communications used to connect with infected computers, but expects only a very limited window of opportunity to ensure you are protected.

There is a set of links at the bottom of this page to tools that will check your computer for the presence of this malware. If you do nothing else. please use one of these tools immediately.

The threat

Cyber criminals are constantly devising new types of malware to commit financial theft, fraud, identity theft and other crimes against ordinary people. The proceeds of their crime are also used to fund further organised crime. This latest threat is particularly insidious as it uses two different types of malware to infect your computer in order to commit these crimes:

1. A virus known as Gameover Zeus, GOZeus, or P2PZeus

This is a type of aggressive malware which infects your computer so that it can effectively be ‘taken over’ by the criminals. It can be used for a number of different criminal activities such as viewing your files, monitoring your bank accounts, sending emails in your name and even using your webcam to physically spy on you.

2. Ransomware known as CryptoLocker

CryptoLocker is a virus which criminals use to prevent you opening any files – effectively locking down your PC – before issuing you with a ransom demand. If you pay the ransom, there is no guarantee that it will be unlocked. Once your computer is locked, it is effectively rendered useless as you cannot access your email, files, photos, music or bookmarks.

How computers get infected

You probably receive many emails claiming to be from your or another bank, a government body or other official source, urging you to check your account, claim a refund or other action. Many of these are phishing emails containing links to bogus websites, or attachments which you are told to open, which actually contain malware hidden in what is known as a Trojan. In this case, the criminals have also stolen or hacked email lists and can make it make it appear as if these are spam emails coming from a friend's email account.

In this particular attack, the act of opening the attachment in such an email automatically ‘tells’ the Trojan to download the Gameover Zeus and CryptoLocker from a server normally located abroad, of which there are thousands which exist purely for criminal purposes.

How does the attack work?

If Gameover Zeus cannot ‘find’ enough on your computer to make a profit for the criminals, CryptoLocker will take over, effectively lock down your machine and demand a ransom.

What you need to do NOW

Your internet service provider (ISP) may have sent you a letter or email warning you about this threat. They will know that your computer is infected because the NCA – working with other law enforcement bodies around the world – has taken over thousands of the criminal servers and examined the records. You must follow the advice on this page straight away. Even then, if your computer has been locked down by CryptoLocker, it is too late.

Remember that making sure that updating your operating system and software are good habits to get into so you should be doing this on a regular basis.

Important warning about emails

Cyber criminals will also exploit this situation by sending out further phishing emails claiming to be from your ISP or a law enforcement agency, urging you to click on a link or open an attachment for the remedy. You could also receive a similar email which appears to have been sent by a friend, family member or colleague, but which has actually been sent automatically by a computer infected with the malware and ransomware. Read our advice on spam and scam emails at www.getsafeonline.org/protecting-your-computer/spam-and-scam-email

Scan for and remove Gameover Zeus malware and CryptoLocker software

Free tools have been specially developed and made available to you by a number of internet security software companies. You can use any of these tools regardless of the make of internet security software you normally use.

Symantec

http://www.symantec.com/security_response/writeup.jsp?docid=2014-052915-1402-99

F-Secure

F-Secure Online scanner (Windows Vista, 7 and 8 )
http://www.f-secure.com/en/web/home_global/online-scanner
F-Secure Rescue CD (Windows XP systems)
http://www.f-secure.com/en/web/labs_global/removal-tools/-/carousel/view/142

Kaspersky

http://support.kaspersky.com/viruses/utility#kasperskyvirusremovaltool (if you think your computer is infected with malware)

http://support.kaspersky.com/8005 (WindowsUnlocker utility for if your computer is infected with CryptoLocker)

Sophos
http://www.sophos.com/VirusRemoval (Windows XP (SP2) and above)

Heimdal Security

http://goz.heimdalsecurity.com/ (Microsoft Windows XP, Vista, 7, 8 and 8.1.)

Microsoft

http://www.microsoft.com/security/scanner/en-us/default.aspx Microsoft Safety Scanner (Windows 8.1, Windows 8, Windows 7, Windows Vista, and Windows XP)

McAfee

www.mcafee.com/stinger

Trend Micro
www.trendmicro.com/threatdetector
(Windows XP, Vista, Windows, Windows 8/8.1, Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2).

Report a loss

If you think you have lost money through malware such as Gameover Zeus and CryptoLocker, you should report it to Action Fraud at www.actionfraud.police.uk or by calling 0300 123 2040.

So worth doing a scan of your PC just to give yourself peace of mind.  You don't want everything on your hard drive being encrypted and basically lost to you unless you pay a ransom for it...

[byronkincaid]

http://www.foolishit.com/vb6-projects/cryptoprevent/

[RED-DOG]

If you've had your head buried in the sand, you might not be aware of this current attack/impending threat:

https://www.getsafeonline.org/nca/

This page has been created to help you protect your computer, your finances, your identity and your family against a new global online threat. The threat is targeted at random private individuals and small businesses, so it is critical that you read this page and apply our advice immediately if you have a computer running any version of the Windows operating system – including Windows running as a virtual machine on an Apple Mac, any server running Windows and Windows embedded. This is not a case of isolated attacks, as over 15,000 computers in the UK alone are thought to have been already affected.

This warning is not intended to cause you panic but we cannot over-stress the importance of taking these steps immediately. This is because the UK’s National Crime Agency (NCA) has taken temporary control of the communications used to connect with infected computers, but expects only a very limited window of opportunity to ensure you are protected.

There is a set of links at the bottom of this page to tools that will check your computer for the presence of this malware. If you do nothing else. please use one of these tools immediately.

The threat

Cyber criminals are constantly devising new types of malware to commit financial theft, fraud, identity theft and other crimes against ordinary people. The proceeds of their crime are also used to fund further organised crime. This latest threat is particularly insidious as it uses two different types of malware to infect your computer in order to commit these crimes:

1. A virus known as Gameover Zeus, GOZeus, or P2PZeus

This is a type of aggressive malware which infects your computer so that it can effectively be ‘taken over’ by the criminals. It can be used for a number of different criminal activities such as viewing your files, monitoring your bank accounts, sending emails in your name and even using your webcam to physically spy on you.

2. Ransomware known as CryptoLocker

CryptoLocker is a virus which criminals use to prevent you opening any files – effectively locking down your PC – before issuing you with a ransom demand. If you pay the ransom, there is no guarantee that it will be unlocked. Once your computer is locked, it is effectively rendered useless as you cannot access your email, files, photos, music or bookmarks.

How computers get infected

You probably receive many emails claiming to be from your or another bank, a government body or other official source, urging you to check your account, claim a refund or other action. Many of these are phishing emails containing links to bogus websites, or attachments which you are told to open, which actually contain malware hidden in what is known as a Trojan. In this case, the criminals have also stolen or hacked email lists and can make it make it appear as if these are spam emails coming from a friend's email account.

In this particular attack, the act of opening the attachment in such an email automatically ‘tells’ the Trojan to download the Gameover Zeus and CryptoLocker from a server normally located abroad, of which there are thousands which exist purely for criminal purposes.

How does the attack work?

If Gameover Zeus cannot ‘find’ enough on your computer to make a profit for the criminals, CryptoLocker will take over, effectively lock down your machine and demand a ransom.

What you need to do NOW

Your internet service provider (ISP) may have sent you a letter or email warning you about this threat. They will know that your computer is infected because the NCA – working with other law enforcement bodies around the world – has taken over thousands of the criminal servers and examined the records. You must follow the advice on this page straight away. Even then, if your computer has been locked down by CryptoLocker, it is too late.

Remember that making sure that updating your operating system and software are good habits to get into so you should be doing this on a regular basis.

Important warning about emails

Cyber criminals will also exploit this situation by sending out further phishing emails claiming to be from your ISP or a law enforcement agency, urging you to click on a link or open an attachment for the remedy. You could also receive a similar email which appears to have been sent by a friend, family member or colleague, but which has actually been sent automatically by a computer infected with the malware and ransomware. Read our advice on spam and scam emails at www.getsafeonline.org/protecting-your-computer/spam-and-scam-email

Scan for and remove Gameover Zeus malware and CryptoLocker software

Free tools have been specially developed and made available to you by a number of internet security software companies. You can use any of these tools regardless of the make of internet security software you normally use.

Symantec

http://www.symantec.com/security_response/writeup.jsp?docid=2014-052915-1402-99

F-Secure

F-Secure Online scanner (Windows Vista, 7 and 8 )
http://www.f-secure.com/en/web/home_global/online-scanner
F-Secure Rescue CD (Windows XP systems)
http://www.f-secure.com/en/web/labs_global/removal-tools/-/carousel/view/142

Kaspersky

http://support.kaspersky.com/viruses/utility#kasperskyvirusremovaltool (if you think your computer is infected with malware)

http://support.kaspersky.com/8005 (WindowsUnlocker utility for if your computer is infected with CryptoLocker)

Sophos
http://www.sophos.com/VirusRemoval (Windows XP (SP2) and above)

Heimdal Security

http://goz.heimdalsecurity.com/ (Microsoft Windows XP, Vista, 7, 8 and 8.1.)

Microsoft

http://www.microsoft.com/security/scanner/en-us/default.aspx Microsoft Safety Scanner (Windows 8.1, Windows 8, Windows 7, Windows Vista, and Windows XP)

McAfee

www.mcafee.com/stinger

Trend Micro
www.trendmicro.com/threatdetector
(Windows XP, Vista, Windows, Windows 8/8.1, Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2).

Report a loss

If you think you have lost money through malware such as Gameover Zeus and CryptoLocker, you should report it to Action Fraud at www.actionfraud.police.uk or by calling 0300 123 2040.

So worth doing a scan of your PC just to give yourself peace of mind.  You don't want everything on your hard drive being encrypted and basically lost to you unless you pay a ransom for it...

tl;dr

[Waz1892]

Thank-you Daniel. Aware of the threat of course, does it matter;

I have a mac? Less of a threat?   Best virus protection for a mac?

I have AVG protection on my Windows Laptop - but this is now rarely used should I still scan this?

Are my iPhone/ iPad at risk (I have banking apps on my iPhone)

Do you know if I simply scan my PCs and ensured the latest  OS that is covering me (as best as possible at least)

Can I only get the virus by mistakenly opening up an email I probably shouldn't have? And if I don't I have no threat?

[kinboshi]

If you run a Windows environment on your Mac, then that'll need checking. Your other Mac stuff should be fine (from this attack).

I'd definitely scan the laptop you use occasionally. It might be less up to date in terms of updates and anti-virus, etc.

I use Microsoft Security Essentials for my virus protection, and it seems to do me fine.

The Gameover Zeus virus usually infects a computer after someone clicks on a dodgy link in an email, but it's not the only way it can infect a PC. Worth running the checks just in case.

[Waz1892]

If you run a Windows environment on your Mac, then that'll need checking. Your other Mac stuff should be fine (from this attack).

I'd definitely scan the laptop you use occasionally. It might be less up to date in terms of updates and anti-virus, etc.

I use Microsoft Security Essentials for my virus protection, and it seems to do me fine.

The Gameover Zeus virus usually infects a computer after someone clicks on a dodgy link in an email, but it's not the only way it can infect a PC. Worth running the checks just in case.

I'm not very techy to be honest - Windows environment?  I have word/excel/PowerPoint on the mac from Microsoft- but it runs off the safari browser and mac operating system XS Lion or something!?

Should I get anti virus for the mac- if so any recommendations?

I will scan the old laptop- thanks

[titaniumbean]

he means if you run windows xp, or windows vista, or windows 8 virtually on your pc (if you don't know what this means then you arent!)  then you should check that install is clear of it. if you just use a mac and happen to just use some microsoft branded products you don't have to worry.

[Marky147]

Thanks for the heads up, Dan.

[Waz1892]

he means if you run windows xp, or windows vista, or windows 8 virtually on your pc (if you don't know what this means then you arent!)  then you should check that install is clear of it. if you just use a mac and happen to just use some microsoft branded products you don't have to worry.

I dont so i guess i cant! Thanks.

Im now concious though that i havent got any virus protection at all with the mac to my knowledge, as ive always been on the understanding 99.9% of virus are "for" windows so dont have to be as worried.

Is this still the case? What would be the reccomendation for some virus protection software

[RED-DOG]

OK Dan, joking aside, are all those links safe and which one should I use? I have already scanned my computer with my own (Microsoft) anti virus software.