Global malware scam is still imminent

Computers around the UK are still under threat from two insidious pieces of malware called GameOver Zeus and CryptoLocker, warns the National Crime Agency (NCA).

Both pieces of software work together to steal personal information and money from computer users and disrupt their computers.

The NCA temporarily disabled the network that operates the scam, but warns it could be as little as two weeks before hackers get it up and running again, so you should take action to avoid the problem right away (see below).

What are GameOver Zeus and CryptoLocker?

GameOver Zeus (also known as P2PzeuS) infects computers with credential stealing malware after users open ‘phising’ emails on their PCs. Criminals carefully craft phising emails to look like they come credible sources, but phising emails aim to install malicious software or malware onto the user’s computer to steal their passwords, financial or sensitive information.

GameOver Zeus seeks out financial, banking and valuable personal information on the user’s computer. It uses the banking and financial information to get access to the user’s bank or savings accounts, to fraudulently transfer money out of them. It uses their personal data to sell onto other criminals who use it to steal their identities. GameOver Zeus is a more modern variant of the old “Trojan Bug” and is believed to have infected over a million computers across the world.

If GameOver Zeus doesn’t find any financial, banking or valuable personal information on a computer, then CryptoLocker becomes active and begins encrypting files, effectively “locking” the user out of them. Once locked, criminals demand a fee or a “ransom” from users to unlock the files so users can access them again. You may hear CryptoLocker sometimes referred to as “ransomware” for this reason.

Who is responsible?

This latest attack has been attributed to Eugeniy Bogachev, a Russian cybercriminal, who now tops the Federal Bureau of Investigation’s most wanted list.

Who is affected?

Both pieces of malware target PC users using computers operating Microsoft Windows or businesses operating servers that run Microsoft Windows software. They don’t affect Mac users, unless they are running Windows as a virtual machine on their macs, in which case Mac users also need to take action to avoid the problem.

So if your computer starts working slowly, the cursor moves erratically, text chat windows appear unexpectedly, or money is transferred out of your bank account for no good reason, then your machine may have been infected.

What can you do if you think you’ve been infected?

You can check your computer for infection by downloading and using the Microsoft security scanner from here.

If it has been infected you can reomove it by downloading and using the Microsoft malware removal tool from here.

Once your computer is clean, you can avoid getting re-infected by following the advice below or get more advice about malware and ransomeware infection and protection from cert.gov.uk.

What can you do to avoid infection?

You should update both your antivirus software and operating system software immediately, along with updates to all your applications. Keeping these up-to-date will make it less likely you will suffer infections of these types.

You also need to think twice before opening any email or instant message (IM), particularly unsolicited ones from sources you don’t know. Phising emails or instant messages often appear to come from people or sources that you know and trust, so even if you think you know and trust the source, satisfy yourself that the email or IM really is genuine before opening it. And if an email contains any .exe or zip files, never open them unless you know what they are, and were expecting to be sent them from trusted sources.

You should also never open an email or instant message that says “Look at these pictures of you someone has posted online” or has some shock news about a celebrity in them, these are highly likely to be phising attacks.

If you are confident your computer isn’t infected, back up your files to a storage medium you can disconnect, so you can protect them from future infection.

Finally

Only download software and click on links from sources or on websites that you know and trust, always think twice if you get “free” offer emails and instant messages for software, games, music or videos, these are often used to hide malware.

If you’re in the UK and have lost any money to this scam, you can report it to ActionFraud on 0300 123 2040, or use the report fraud link on the ActionFraud website.