"GAMEOVER PLUS"
If you've been reading my Blog posts you'll remember I wrote about an online-banking Trojan that steals your credentials - It's name was/is Zeus [ed. - pause for clap of thunder and lightning bolt]. Naturally Zeus had children, offshoots of the original; one of those was called "GAMEOVER".
As with many popular threats, eventually the Zeus program code found it's way onto the Internet [ed. - those dark websites where much like a dimly lit alley, you wouldn't usually walk down in the darkest of nights] spawning variations like the a fore mentioned "GAMEOVER".
One spawn leads to another and now there is "GAMEOVER-PLUS" which not only steals your banking info but comes complete with a kernel level ROOTKIT which makes it very hard, and possibly impossible to remove unless your hard drive is wiped clean (i.e. - formatted). The kernel level rootkits mission? To protect Gameover-Plus from being removed.
"And we all know that we shouldn't open suspicious emails with attachments...CORRECT??"
How do you get infected? Currently by email, with an attachment. It may come from a Bank (they will use many different banks hoping one of them will be yours) or from another service with an attachment like "Invoice.zip". And we all know that we shouldn't open suspicious emails with attachments...CORRECT??
Once again, while surfing some of my favorite security Blogs I ran across this information via a post on the SOPHOS security website. If you open the attachment a Trojan downloader is activated, and it's this downloader that brings "Gameover-Plus" into your computer, installs the rootkit which resides on your hard drive AND within the computers memory.
One other aspect the differentiates itself from it's predecessor is that Gameover-plus it controlled peer-to-peer vs. from a remote server. The difference is distinct and could mean while you are trying to remove it, someone on the other end may be actively trying to stop you, something I've run across several times in the field although not specifically for this Trojan.
If you suspect an infection TURN YOUR COMPUTER "OFF" until you can get some professional help to attempt removal. For those interested in the more technical information about this I suggest you read the Blog post on SOPHOS security's site HERE.
'Nuff Said,
Brian
Nice One
ReplyDeleteRouter Login not working
routerlogin admin page
Routerlogin
Routerlogin Net