Symantec helps authorities take down the Gameover Zeus network

Symantec: The FBI, the UK's National Crime Agency, and a host of international law enforcement agencies have brought down two of the most dangerous financial fraud operations: the Gameover Zeus botnet and the Cryptolocker ransomware network. Working with a number of private-sector partners, including Symantec, the FBI has seized a considerable part of the infrastructure used by these two threats. In response, Symantec has created a new tool that victims can use to completely remove Gameover Zeus.


Gameover Zeus has been responsible for millions of infected systems around the world since early September 2011. Attackers use it to monitor online banking sessions, defrauding hundreds of customers of financial institutions globally. In a recent update, a low-level driver component was added to prevent removal of the Trojan. Symantec provides a new tool to remove it, along with the Trojan's additional components.

Cryptolocker is one of the latest and most threatening forms of ransomware to have been created. It works by encrypting the victim's files on their hard drive. Unlike most malware threats, no fix has been found that can decrypt the affected data. This leaves the victim exposed either to losing personal files or to paying the attackers.

Gameover Zeus: Advanced financial fraud Trojan

Gameover Zeus is a variant of Trojan.Zbot, often known as Zeus, that uses a peer-to-peer network and a domain generation algorithm (DGA) for command and control. To disrupt Gameover Zeus, key nodes in the peer-to-peer network have been disabled, along with the domains generated by the DGA.

Symantec has been following this botnet since it first appeared. The botmaster has maintained a relatively stable network of hundreds of thousands of infected computers around the world.

Gameover could be considered the most advanced version of Zeus and, unlike other variants such as the Citadel and IceX Trojans, it is not for resale. The botnet can be used to facilitate financial fraud on a large scale by intercepting thousands of victims' online banking transactions. Those behind Gameover Zeus use it to perform these activities in real time. Gameover Zeus is usually distributed via an email presented as an invoice. When the infected user visits their bank's website from the compromised computer, Gameover monitors the online transaction using a technique known as man-in-the-browser (MITB). This can bypass two-factor authentication and display misleading bank security messages to the user in order to obtain transaction approval information. Once attackers receive this information, they can modify users' bank transactions and steal their money.

Symantec continues to monitor the Gameover network and to update Internet service providers (ISPs) and CERTs around the world. This data is used to help identify and notify victims in an ongoing effort to dismantle the botnet.

Cryptolocker: An effective blackmail tool

Cryptolocker is one of the many ransomware threats that try to extort money from their victims by locking their computers or encrypting their files. Cryptolocker is one of the most dangerous variants of ransomware, since it uses strong encryption that cannot be broken.

The threat first appeared in September 2013, and while it still accounts for only a small percentage of total ransomware infections, it has attracted public interest because victims who have not backed up their files are at risk of losing them if they do not pay the ransom.

Ransomware, including Cryptolocker, has proven to be extremely lucrative for attackers. Symantec's research shows that on average, 3% of infected users will pay the ransom. We believe that ransomware distributors have undoubtedly earned tens of millions of dollars in the last year.

Victims are usually infected through spam emails, which use 'social engineering' tactics to lure them into opening the attached zip file.

Protection

Symantec has released a new tool that removes the Gameover Zeus component. Visit the page (http://www.symantec.com/security_response/writeup.jsp?docid=2014-052915-1402-99) to download the tool, which will allow you to remove this component and then completely remove Gameover Zeus.


Written by giorgos
