Sunday, March 2, 2014

ZEUS + GAMEOVER = ONLINE BANKING NIGHTMARE

"GAMEOVER PLUS"

If you've been reading my Blog posts you'll remember I wrote about an online-banking Trojan that steals your credentials - its name was/is Zeus [ed. - pause for clap of thunder and lightning bolt]. Naturally Zeus had children, offshoots of the original; one of those was called "GAMEOVER".

As with many popular threats, eventually the Zeus program code found its way onto the Internet [ed. - those dark websites, much like a dimly lit alley you wouldn't usually walk down on the darkest of nights], spawning variations like the aforementioned "GAMEOVER".

One spawn leads to another, and now there is "GAMEOVER-PLUS", which not only steals your banking info but comes complete with a kernel-level ROOTKIT that makes it very hard, and possibly impossible, to remove unless your hard drive is wiped clean (i.e. - formatted). The kernel-level rootkit's mission? To protect Gameover-Plus from being removed.

"And we all know that we shouldn't open suspicious emails with attachments...CORRECT??"

How do you get infected? Currently by email, with an attachment. It may appear to come from a bank (they will use many different banks, hoping one of them will be yours) or from another service, with an attachment like "Invoice.zip". And we all know that we shouldn't open suspicious emails with attachments...CORRECT??

Once again, while surfing some of my favorite security Blogs I ran across this information via a post on the SOPHOS security website. If you open the attachment, a Trojan downloader is activated, and it's this downloader that brings "Gameover-Plus" into your computer and installs the rootkit, which resides on your hard drive AND within the computer's memory.

One other aspect that differentiates it from its predecessor is that Gameover-Plus is controlled peer-to-peer rather than from a single remote server. The difference is distinct and could mean that while you are trying to remove it, someone on the other end may be actively trying to stop you, something I've run across several times in the field, although not specifically for this Trojan.

If you suspect an infection TURN YOUR COMPUTER "OFF" until you can get some professional help to attempt removal. For those interested in the more technical information about this I suggest you read the Blog post on SOPHOS security's site HERE.

'Nuff Said,
Brian
