GameOver Zeus: Online Security Threat? Or A Reason To Update
It has been widely reported that the malware ‘GameOver Zeus:’ along with it’s partner ‘CryptoLocker’ is about to hit the UK. Online users have 2 weeks to protect themselves against any attack but I cannot help thinking that the whole thing seems a little orchestrated. Even the names look decidedly dodgy, perhaps even a bit catchy.
In brief, the malicious software ‘GameOver Zeus:’, is reported to get into your machine and steal your personal and financial data allowing hackers to access your online banking. If that is not enough, ‘CryptoLocker’ will then encrypt your data (making it inaccessible to you) and then demand payment to unlock it again. It has been reported as “a highly sophisticated piece of software created by Russian criminal gangs”.
There are a few things which worry me about all this:
I have never known a two week advance warning for malware or viruses. Malware is released and then everyone tries to patch against them. Once they spread, they spread quickly. Two weeks is a very long time in computer terms.
Why will this affect the UK?
The Internet has very little in the way of border control. When malware spreads, it hits the entire planet’s network. Does anyone know what the letters WWW mean?
The (US) National Crime Agency are issuing the warnings, Russian gangs are responsible, your bank account will be hacked, and if you do not cough-up a ransom you will lose all your data. Hmmm. It sounds all a bit scary to me.
While ‘CryptoLocker’ seems plausible, if your data was encrypted and locked down, the simple solution would be to erase your computer’s hard drive and re-install the data again from back-up. If a machine is infected with other malware, re-installation of the operating system and re-installation of all data can often be the easiest solution for complete erasure anyway.
But how does ‘GameOver Zeus’ steal my personal and financial data? The communication we have with the bank websites is encrypted with SSL (https) by the banks website itself. They did say it was ‘sophisticated’ software. Perhaps it has a bit of ‘magic’ in it too. Perhaps it is very sophisticated indeed.
How To Protect Yourself From ‘GameOver Zeus:’
The advice being officered is to:
- Update your operating system
- Update your anti-virus
- Don’t open dubious looking (phishing) email
This is all standard stuff which everyone should do anyway, so why now?
Someone Somewhere Wants You To Update Your Operating System
The sheer numbers of machines still running the Windows XP operating system is mind boggling. Many of those machines are using unlicensed copies. It is estimated that of the 300 million users in China alone, less than 1% have genuine licensed copies. It is also estimated that around 30% of the rest of the planet’s genuine XP users have not upgraded from XP and are therefore not contributing to the Microsoft money-making machine.
The creator of the operating system is in the best position to create security holes in its user’s operating system . Users are inclined to trust the supplier to keep their system safe with regular updates. But what if the creator of the operating system wanted to remove the systems in use? All they would need to do is to create some security holes in the systems in use, to take effect on when updates are installed. Then have some malicious software circulated to exploit that security hole.
I strongly suspect that if the GameOver Zeus: Online Security Threat is real, that it will only affect XP Users and especially those with out of date systems. The clock is ticking – time will tell.