Symantec helps authorities disrupt the Gameover Zeus network

Symantec: The FBI, the United Nations National Crime Agency, and a number of international law enforcement agencies have disrupted two of the world's most dangerous financial fraud operations: the Gameover Zeus botnet and the Cryptolocker ransomware network. Working with a number of private sector partners, including Symantec, the FBI has seized much of the infrastructure used by these two threats. In response, Symantec has created a new tool, which victims can use to completely remove Gameover Zeus.


Gameover Zeus has been responsible for millions of infected systems worldwide since early September 2011. Attackers use it to monitor banking transactions, defrauding hundreds of customers of financial institutions worldwide. In a recent update, a low-level driver component was added to prevent the Trojan from being removed. Symantec provides a new tool to remove it, along with the Trojan's additional components.

Cryptolocker is one of the latest and most threatening forms of ransomware ever created. It works by encrypting the files on the victim's hard drive. Unlike with most malware, no fix has been found that can decrypt the affected data. This leaves the victim with a choice between losing personal files and paying the attackers.

Gameover Zeus: Advanced financial fraud Trojan

Gameover Zeus is a variant of Trojan.Zbot, often known as Zeus, that uses a peer-to-peer network and a domain generation algorithm (DGA) for command and control. To disrupt Gameover Zeus, key nodes in the peer-to-peer network have been disabled, along with the domains produced by the DGA.

Symantec has been following this botnet since it first appeared. The botmaster has maintained a relatively stable network of hundreds of thousands of infected computers around the world.

Gameover could be considered the most advanced version of Zeus, and unlike other variants such as the Citadel and IceX Trojans, it is not for resale. The botnet can be used to facilitate financial fraud on a large scale by intercepting thousands of victims' online banking transactions. The team behind Gameover Zeus uses it to perform these activities in real time. Gameover Zeus is usually distributed via email presented as an invoice. When the infected user visits the website of their bank through a compromised computer, Gameover monitors the online transaction using a technique known as man-in-the-browser (MITB). This can bypass two-factor authentication and display misleading bank security messages to the user in order to obtain transaction approval information. Once attackers receive this information, they can modify users' bank transactions and seize their money.

Symantec continues to monitor the Gameover network and to update Internet service providers (ISPs) and CERTs around the world. This data is used to help identify and inform victims in an ongoing effort to remove the botnet.

Cryptolocker: An effective blackmail tool

Cryptolocker is one of the many ransomware threats that try to get money from their victims by locking their computers or encrypting their files. Cryptolocker is one of the most dangerous variants of ransomware, since it uses strong encryption that cannot be broken.

The threat first appeared in September 2013, and while it still accounts for only a small percentage of total ransomware infections, it has attracted public interest because victims who have not backed up their files are at risk of losing them if they do not pay the ransom.

Ransomware, including Cryptolocker, has proven to be extremely lucrative for attackers. Symantec's research shows that on average, 3% of infected users will pay the ransom. We believe that ransomware distributors have undoubtedly made tens of millions of dollars in the last year.

Victims are usually infected through spam emails, which use social engineering tactics to lure them into opening the attached zip file.

Protection

Symantec has released a new tool that removes the Gameover Zeus component. Visit http://www.symantec.com/security_response/writeup.jsp?docid=2014-052915-1402-99 to download the tool, which will allow you to remove this component and then completely remove Gameover Zeus.


Written by giorgos
