Personal Blog

GameOver Zeus: Online Security Threat? Or A Reason To Update


It has been widely reported that the malware ‘GameOver Zeus’, along with its partner ‘CryptoLocker’, is about to hit the UK. Online users have 2 weeks to protect themselves against any attack but I cannot help thinking that the whole thing seems a little orchestrated. Even the names look decidedly dodgy, perhaps even a bit catchy.

In brief, the malicious software ‘GameOver Zeus’ is reported to get into your machine and steal your personal and financial data, allowing hackers to access your online banking. If that is not enough, ‘CryptoLocker’ will then encrypt your data (making it inaccessible to you) and then demand payment to unlock it again. It has been reported as “a highly sophisticated piece of software created by Russian criminal gangs”.

There are a few things which worry me about all this:

Advance Warning

I have never known a two-week advance warning for malware or viruses. Malware is released and then everyone tries to patch against it. Once it spreads, it spreads quickly. Two weeks is a very long time in computer terms.

Why will this affect the UK?

The Internet has very little in the way of border control. When malware spreads, it hits the entire planet’s network. Does anyone know what the letters WWW mean?

Scare-mongering

The (US) National Crime Agency are issuing the warnings, Russian gangs are responsible, your bank account will be hacked, and if you do not cough up a ransom you will lose all your data. Hmmm. It all sounds a bit scary to me.

While ‘CryptoLocker’ seems plausible, if your data was encrypted and locked down, the simple solution would be to erase your computer’s hard drive and re-install the data again from back-up. If a machine is infected with other malware, re-installation of the operating system and re-installation of all data can often be the easiest solution for complete erasure anyway.

But how does ‘GameOver Zeus’ steal my personal and financial data? The communication we have with the bank websites is encrypted with SSL (https) by the bank’s website itself. They did say it was ‘sophisticated’ software. Perhaps it has a bit of ‘magic’ in it too. Perhaps it is very sophisticated indeed.

How To Protect Yourself From ‘GameOver Zeus’

The advice being offered is to:

  1. Update your operating system
  2. Update your anti-virus
  3. Don’t open dubious-looking (phishing) email

This is all standard stuff which everyone should do anyway, so why now?

Someone Somewhere Wants You To Update Your Operating System

The sheer number of machines still running the Windows XP operating system is mind-boggling. Many of those machines are using unlicensed copies. It is estimated that of the 300 million users in China alone, less than 1% have genuine licensed copies. It is also estimated that around 30% of the rest of the planet’s genuine XP users have not upgraded from XP and are therefore not contributing to the Microsoft money-making machine.

The creator of the operating system is in the best position to create security holes in its users’ operating systems. Users are inclined to trust the supplier to keep their system safe with regular updates. But what if the creator of the operating system wanted to remove the systems in use? All they would need to do is to create some security holes in the systems in use, to take effect when updates are installed. Then have some malicious software circulated to exploit that security hole.

I strongly suspect that if the GameOver Zeus online security threat is real, it will only affect XP users, and especially those with out-of-date systems. The clock is ticking – time will tell.

External Reports:

expressandstar.com

independent.co.uk

mirror.co.uk

One Response to GameOver Zeus: Online Security Threat? Or A Reason To Update

  • Hi Andy

    My contribution to this results from 30 years in the PC support business so here goes.

    The Zeus and CryptoLocker intrusions have been around since last September (at least CryptoLocker has anyway). Nothing has changed since then: if you blindly open links in emails, then you have a good chance of getting infected by something bad. Common sense rules here. Your bank doesn’t email you and the same applies for most similar institutions.

    A good antivirus solution will help, but in most cases this type of infection will bypass those since you are explicitly giving the infection permission to do its job. Installing a program called CryptoPrevent will go a long way to blocking CryptoLocker and similar attacks, but this 2-month window is a load of hype.

    As for the media scare, all that happened was that some of the CryptoLocker servers were shut down and someone “guessed” that it might take 2 months for them to get back online again.

    A good backup (local and/or online) is a must for anyone who values data or documents, and safe browsing, assisted by something like Malwarebytes to alert when you are attempting to go to a “bad” site is a good strategy.

    As I say – common sense rules.

    Rant over – hope all is well with you and yours, and congrats on the anniversary.