Symantec: The FBI, the UK's National Crime Agency, and a number of international law enforcement agencies have crippled two of the world's most dangerous financial fraud operations: the Gameover Zeus botnet and the Cryptolocker ransomware network. Working with a number of private sector partners, including Symantec, the FBI has seized much of the infrastructure used by these two threats. In response, Symantec has created a new tool that victims can use to completely remove Gameover Zeus.
Gameover Zeus has been responsible for millions of infected systems worldwide since early September 2011. Attackers use it to monitor online banking transactions, defrauding hundreds of customers of financial institutions worldwide. In a recent update, a low-level driver component was added to prevent the Trojan from being removed. Symantec provides a new tool that removes this component, along with the Trojan's additional features.
Cryptolocker is one of the latest and most threatening forms of ransomware ever created. It works by encrypting the victim's files on the hard drive. Unlike with most malware threats, no fix has been found that can decrypt the affected data. This leaves the victim facing either the loss of personal files or paying the attackers.
Gameover Zeus: Advanced financial fraud Trojan
Gameover Zeus is a variant of Trojan.Zbot, often known as Zeus, that uses a peer-to-peer network and a domain generation algorithm (DGA) for command and control. To disrupt Gameover Zeus, key nodes in the peer-to-peer network have been disabled along with the domains produced by the DGA.
Symantec has been following this botnet since it first appeared. The botmaster has maintained a relatively stable network of hundreds of thousands of infected computers around the world.
Gameover could be considered the most advanced version of Zeus, and unlike other variants such as the Citadel and IceX Trojans, it is not for resale. The botnet can be used to facilitate financial fraud on a large scale, intercepting thousands of victims' online banking transactions. The team behind Gameover Zeus uses it to perform these activities in real time. Gameover Zeus is usually distributed via e-mail presented as an invoice. When an infected user visits their bank's web site from the compromised computer, Gameover monitors the online session using a technique known as man-in-the-browser (MITB). It can bypass two-factor authentication and display misleading bank security messages to the user in order to obtain transaction approval information. Once the attackers receive this information, they can modify the user's bank transactions and seize their money.
Symantec continues to monitor the Gameover network and to provide updates to Internet service providers (ISPs) and CERTs around the world. This data is used to help identify and inform victims as part of the ongoing effort to remove the botnet.
Cryptolocker: An effective blackmail tool
Cryptolocker is one of the many ransomware threats that try to extort money from their victims by locking their computers or encrypting their files. Cryptolocker is one of the most dangerous variants of ransomware, since it uses strong encryption that cannot be broken.
The threat first appeared in September 2013, and while it still accounts for only a small percentage of total ransomware infections, it has attracted public interest because victims who have not backed up their files risk losing them if they do not pay the ransom.
Ransomware, including Cryptolocker, has proven to be extremely lucrative for attackers. Symantec's research shows that on average, 3% of infected users will pay the ransom. We believe that ransomware distributors have undoubtedly earned tens of millions of dollars in the last year.
Victims are usually infected through spam emails, which use social engineering tactics to lure them into opening the attached zip file.
Protection
Symantec has released a new tool that removes the Gameover Zeus component. Visit the page (http://www.symantec.com/security_response/writeup.jsp?docid=2014-052915-1402-99) to download the tool, which will allow you to remove this component and then completely remove Gameover Zeus.