Symantec helps authorities disrupt the Gameover Zeus network

Symantec: The FBI, the United Nations National Crime Agency, and a number of international law enforcement agencies have weakened two of the world's most dangerous financial fraud operations: the Gameover Zeus botnet and the Cryptolocker ransomware network. In cooperation with a number of private sector partners, including Symantec, the FBI has seized several pieces of the infrastructure used by these two threats. In response, Symantec has created a new tool that victims can use to completely remove Gameover Zeus.

Gameover Zeus has been responsible for millions of infected systems around the world since early September of 2011. Attackers use it to monitor online banking sessions, defrauding hundreds of customers of financial institutions globally. In a recent update, a low-level driver component was added to prevent removal of the Trojan. Symantec provides a new tool to remove it, along with the Trojan's additional components.

Cryptolocker is one of the latest and most threatening forms of ransomware to have been created. It works by encrypting the files on the victim's hard disk. Unlike with most malware threats, no fix has been found that can decrypt the affected data. This leaves the victim with a choice between losing personal files and paying the attackers.

Gameover Zeus: Advanced financial fraud Trojan

Gameover Zeus is a variant of Trojan.Zbot, often known simply as "Zeus", that uses a peer-to-peer network and a domain generation algorithm (DGA) for command and control. To disrupt Gameover Zeus, key nodes in the peer network have been disabled, along with the domains generated by the DGA.

Symantec has been following this botnet since it first appeared. The botmaster has maintained a relatively stable network of hundreds of thousands of infected computers around the world.

Gameover could be considered the most advanced version of Zeus, and unlike other variants such as the Citadel and IceX Trojans, it is not for resale. The botnet can be used to facilitate financial fraud on a large scale, intercepting thousands of victims' online banking transactions. The team behind Gameover Zeus uses it to perform these activities in real time. Gameover Zeus is usually distributed via an e-mail that is presented as an invoice. When an infected user visits their bank's web site from a compromised computer, Gameover monitors the online transaction using a technique known as man-in-the-browser (MITB). This can bypass two-factor authentication and display misleading banking security messages to the user, in order to obtain the information needed to authorize the transaction. Once the attackers have this information, they can modify the users' banking transactions and steal their money.

Symantec continues to monitor the Gameover network and to keep Internet service providers (ISPs) and CERTs around the world updated. This data is used to help identify and inform victims in an ongoing effort to remove the botnet.

Cryptolocker: An effective blackmail tool

Cryptolocker is one of numerous ransomware threats that attempt to extort money from their victims by locking their computers or encrypting their files. Cryptolocker is one of the most dangerous variants of ransomware, since it uses strong encryption that cannot be cracked.

The threat first appeared in September 2013, and while it still accounts for only a small percentage of overall ransomware infections, it has sparked public interest because victims who haven't backed up their files are at risk of losing them if they don't pay up.

Ransomware, including Cryptolocker, has proven to be extremely lucrative for attackers. Symantec's research shows that, on average, 3% of infected users will pay the ransom. We believe that ransomware distributors have undoubtedly earned tens of millions of dollars in the last year.

Victims are usually infected through spam emails, which use social engineering tactics to lure them into opening the attached zip file.

Protection

Symantec has released a new tool that removes the Gameover Zeus component. Visit the page (http://www.symantec.com/security_response/writeup.jsp?docid=2014-052915-1402-99) to download the tool, which will allow you to remove this component and then completely remove Gameover Zeus.

Written by giorgos
