There has been a lot of talk in the news relating to a virus known as Gameover-Zeus and Cryptolocker, and naturally this has created concerns that need to be addressed.
Firstly, it seems that many of the articles I have read are saying that this is a new virus, but there are documents describing the advent of Zeus Trojans going back to 2007, with the current botnet variant having been around since 2011 and Cryptolocker since September 2013.
For those who don’t know, a botnet is a group of compromised PCs that can be controlled remotely for illegal activities and, in the case of Gameover-Zeus, it consists of millions of PCs.
So if this Gameover-Zeus threat isn’t new, why the sudden media coverage?
What has actually happened is that the server that was controlling the Gameover-Zeus botnet has been taken down in a recent operation by the FBI and other agencies. This is clearly big news, as over the years this botnet has enabled the theft/extortion of millions of pounds.
Without the controlling servers the botnet is effectively dormant, with no activities being carried out across it. However, the FBI has warned that the controlling servers are likely to be re-established within two weeks, at which time the botnet will come back to life. It is this statement that has led to headlines such as the following one from The Independent:-
“Thousands of computer users in Britain were warned today that they have two weeks to take action to protect their machines against a powerful computer virus used to extort millions of pounds from victims worldwide”
While my personal belief is that this sort of headline and other media coverage is a bit sensationalist, it does put the subject in the limelight for home users and, in reality, the majority of infected machines are home computers as they don’t have the same level of support and protection that business machines do.
The hope is that users who were unaware that their computer was infected may act on the news and carry out the recommended procedures. This could lead to a major reduction in the number of machines that are part of the Zeus botnet, which translates to a reduction in the amount of illegal activity that can happen.
What should you be doing?
There are plenty of sites that provide similar recommendations, and below are some of the most commonly repeated ones:-
- Do not open attachments in emails unless you are 100% certain that they are authentic
- Make sure your internet security software is up-to-date and switched on at all times
- Make sure your Windows operating system has the latest Microsoft updates applied
- Make sure your software programs have the latest manufacturers’ updates applied
- Make sure all of your files, including documents, photos, music and bookmarks, are backed up and readily available in case you are no longer able to access them on your computer
As well as the above recommendations, please have a read of my previous blog article as it provides more in-depth information about Cryptolocker.
There is no need to panic, as you are currently (3rd June 2014) in a better position than you were a few days ago (the botnet controller is down). As with everything, though, it pays to proactively protect yourself and your business, and hopefully this article provides a better understanding of what the current “alarm bells” are ringing for.
The clear advice is the same as we always give: we urge you to check your antivirus, Windows updates and your backups, as this will give you the best level of protection. Having said this, there is still a risk linked to opening an attachment that is carrying the virus, as it is continuously being mutated to stay ahead of antivirus/malware protection software. Being vigilant and not opening any attachment unless you are 100% certain that you are expecting it is essential.