Warning!Gameover Zeus Trojan began to grow strong

The IT company Malcovery Security announced that has revealed criminal cyber group that attempts to recreate a new botnet based on a modified version of the virus Gameover Zeus.
Gameover Zeus Trojan is designed mainly to steal personal financial information. According to recently published material of FBI  ,the botnet has caused damage estimated at over 100 million U.S. dollars worldwide.

Experts note that the blocking of this trojan requires special equipment and united efforts of multiple antivirus labs. In contrast to former Trojans that running through networks of servers and registered domains , Gameover uses peering architecture. Decommissioning or interruptions of one infected computer system does not affect the entire botnet.

Malcovery claim to has detected a spam-emails that sending out the malicious code. The new modification of the Gameover Zeus doesn`t use the P2P structure already ,instead passed to the DGA (domain name generation algorithm) system that allows a hybrid operation of this Trojan – both through peering networks and through a system of random chosen servers .

Read more
No Comments

New Virus Threat: Computer users given two-week warning

GameOver Zeus

 

Thousands of computer users in Britain were warned today that they have two weeks to take action to protect their machines against a powerful computer virus used to extort millions of pounds from victims worldwide.

 

The National Crime Agency said the two-week window had been opened after an operation led by the FBI managed to take control of servers used to control the “highly sophisticated” malicious software which has been stealing personal and financial data worldwide.

More than 15,000 machines in the United Kingdom are believed to have been infected with the virus, known as GameOver Zeus, which has been tailored by a criminal gang based in Russia and the Ukraine to search for files that will allow access to banking or financial information. The FBI believes that GameOver Zeus has been responsible for $100m (£60m) in losses.

The virus also distributes another particularly aggressive “malware” programme, called CryptoLocker, which encrypts all files on a target’s computer, including personal photographs, and then demands a “ransom” of about £300 within a specified time limit to unlock the file.

According to FBI estimates, nearly 250,000 computers worldwide have been infected with CryptoLocker since it emerged in April and it has so far been used to extort payments of more than $27m (£16m). Up to a million machines worldwide are thought to have been infected with GameOver Zeus.

Internet service providers will now contact thousands of customers believed to have been affected by Gameover Zeus, which is distributed via links or attachments in unsolicited emails, offering advice on how to update anti-virus software to disable the virus. A website set up to provide this information appeared to be offline last night.

Andy Archibald, deputy head of the NCA’s cyber-crime unit, said: “Nobody wants their personal financial details, business information or photographs of loved ones to be stolen or held to ransom by criminals. By making use of this two-week window, huge numbers of people in the UK can stop that from happening.”

The warning comes after the FBI and agencies in 10 other countries claimed success in their efforts to crack down on the criminal gang behind the viruses by launching a simultaneous attack on servers used by the gang to control their operation.

The GameOver Zeus malware creates a “botnet”, a network of computers that spread the viruses and transfer banking information back to the gang. Information received by the criminals is then used to initiate or hijack electronic money transfers and direct money into bank accounts overseas.

The FBI said on Monday that it believed it had identified a ringleader of the gang, a Syrian-born Russian called Evgeniy Mikhailovich Bogachev, who remains at large but is now facing 14 criminal charges alleging that he is the “administrator” of GameOver Zeus. He is also accused of being a leader of the “tightly knit gang” behind CyberLocker. There were unconfirmed reports last night that one of the suspects is British.

James Cole, the US Deputy Attorney General, said: “These schemes were highly sophisticated and immensely lucrative, and the cyber criminals did not make them easy to reach or disrupt.”

From a charity worker in London to a plastics manufacturer in Pennsylvania, the victims of Gameover Zeus and CyberLocker viruses are spread across the world and from all walks of life.

The FBI said last night that it had charged a suspected ringleader of the gang behind the malware with involvement in wire fraud after $824,000 (£491,000) was taken from the bank account of Haysite Reinforced Plastics in northwestern Pennsylvania in a single day in 2011.

Going viral: malware victims across the globe

A separate civil complaint names alleged victims including a native American tribe, a police department in Massachusetts and a pest control company in North Carolina.

Neither “botnets” nor “ransomware” are new. But investigators have been taken aback by the sophistication of these particular viruses. According to research by the University of Kent, up to 40 per cent of victims of CyberLocker have decided to pay the ransom, potentially raising million of pounds for the gang.

In one case, a 35-year-old charity worker had her laptop infected with CyberLocker and received a message on her machine giving her 95 hours to pay a $300 (£179) fee to unlock files including photographs and work documents.

The victim said she was refusing to make the payment.

Be secure: protective software

Anti-cybercrime experts today advised computer users to update their internet security software and download a free tool to thwart the powerful viruses.

The not-for-profit organisation set up to provide advice to companies and domestic users said it had put in place measures which would help to defeat GameOver Zeus and CryptoLocker.

The National Crime Agency advised users to consult the Government-backed getsafeonline.org website to download the tailored anti-virus software provided by eight companies.

But Get Safe Online apologised on Monday after its website crashed under the number of requests to view its content.

In a statement, chief executive Tony Neate said: “We have been overwhelmed by the interest of those trying to take action to protect themselves by visiting our page.”

Read more
No Comments

Beware of CryptoLocker malware

PC users are being warned to be on their guard against emails purporting to be from the Royal Mail and containing CryptoLocker, a malicious piece of software that locks computers with an unbreakable encryption.

The email states that a lost or missing package is waiting for you at your local sorting office and asks recipients to download an attachment to find out more. Those who do immediately start to install the CryptoLocker malware on to their computer, without realising what they have done.

CryptoLocker will encrypt all the data on the computer, including photos, music and personal documents, using a public key.

A message will then appear on the screen stating that all of the data is locked and can only be unlocked with a private key, which the scammers promise to hand over once the computer owner has sent them a payment.

The fraudulent Royal Mail email was discovered when a victim contacted the Action Fraud call centre. It is the second piece of malware hidden in a fake Royal Mail email that has come to light in recent months.

As a result of the scams, Royal Mail has issued advice warning members of the public that it will never include attachments in an unsolicited email, and stating that it does not email its customers asking for any personal information. It has also notified the National Fraud Intelligence Bureau.

“We encourage any customer who receives a suspicious email claiming to be from Royal Mail to contact our customer services department on 08457 740 740,” a spokesperson said, adding that the company follows “robust security procedures” to protect its customers.

Anyone wishing to book a redelivery of a Royal Mail parcel can do so online at the Royal Mail website.

Scammers using CryptoLocker typically ask for ransoms of either $300 or €300, which must be sent through an anonymous pre-paid cash voucher such as MoneyPak or Ukash or the equivalent amount in Bitcoins.

If the extortionists do not receive the payment within 72 to 100 hours, victims are warned the private key will be destroyed and nobody will ever be able to recover their data.

The encryption uses publicly available, well-established algorithms developed by governments and other legitimate bodies that means it is widely seen as unbreakable. When Guardian Money warned readers about CryptoLocker ransomware in October, a spokesperson for security firm Sophos told us that “if you haven’t got back up and you get hit by CryptoLocker, you may as well have dropped your PC over the side of the bridge”.

Since then, it is estimated that more than 250,000 PCs have been infected and the UK’s National Crime Agency has warned 10 million UK-based email users are being targeted.

Only PCs running Windows can be infected but the CryptoLocker malware can be hidden in any executable attachment or sneak on to your computer via a driveby download from a disreputable or infected website.

Read more
No Comments