Remove and how to try and stop it
The U.S. Department of Justice announced today, 2nd June 2014, that “Operation Tovar” has taken down the Gameover Zeus botnet.
Adam Meyers, VP of intelligence at CrowdStrike, described the results of Operation Tovar. “Over 500,000 infected machines were effectively disconnected from criminal control,” he said. “The actors behind GOZ and Cryptolocker, which were both impacted by the recent actions, have done significant damage against unsuspecting victims.”
Botnets are not uncommon and are often unknown to everyday computer users. Gameover Zeus, which is based on the code from the well-known Zeus Trojan, has been controlled since 2011 by a core group of cyber criminals in Russia and the Ukraine, who have used the botnet to carry out large-scale corporate account takeovers and massive distributed denial of service attacks.
A deeper technical explanation of the GameOver Zeus bot can be found on the US Gov site.
How does the ‘GameOver Zeus’ bot affect you?
- Microsoft Windows 95, 98, Me, 2000, XP, Vista, 7, and 8
- Microsoft Server 2003, Server 2008, Server 2008 R2, and Server 2012
If your computer has been infected with GameOver Zeus (GOZ) then it ‘may’ be used to send spam, participate in DDoS attacks, and harvest your credentials for online services, including banking services.
Need we say more!
How do I know if I have the bot?
In the UK this is normally in the form of an email from a bank, HMRC or other sources we would normally trust. The email will have an attachment, and once it has been downloaded it is likely your PC is infected.
How to protect yourself against the bot!
Firstly, check to see if you have an infection on your computer.
TrendMicro have set up some tools to help determine if your PC has been infected. Download and run the appropriate files according to your operating system. (Not sure what you have? Check out the Windows FAQs first.)
Steps to start to remediate any infection.
Step 1 – First ensure your antivirus software is up to date.
Step 2 – Change passwords on your computer (see here to create strong passwords).
Step 3 – Update your operating system – enable auto updating.
Step 4 – Block email attachments that are executable files, and ZIP files that contain executable files, such as EXE and SCR.
Step 5 – The Microsoft Enhanced Mitigation Experience Toolkit (EMET) has a proven track record of protecting from attacks—including rare zero-days—before software patches are even available. Also, EMET can be managed in corporate environments using Group Policies.
Step 6 – Use an online solution – The following are just some of the online solutions:
Please note: The following links to popular tools are for information purposes only and should not be interpreted as an endorsement of any particular tool or technology.
Online solutions – Choose your operating system:
- Heimdal Security – http://goz.heimdalsecurity.com/
- F-Secure Rescue CD – http://www.f-secure.com/en/web/labs_global/removal-tools/-/carousel/view/142
- Sophos – http://www.sophos.com/VirusRemoval
Windows Vista 7 & 8
- F-Secure Online scanner – http://www.f-secure.com/en/web/home_global/online-scanner
Windows XP, Vista, 7, 8, 8.1
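As an illustration of Step 4, the following added example (not from the original article or from any vendor tool) shows how a mail filter could decide which attachments to block, including executables hidden inside a ZIP. The extension list beyond EXE and SCR, the function names and the sample message are assumptions constructed for the example.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# EXE and SCR come from Step 4; the other extensions are an assumed extension
# of the same rule.
BLOCKED_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}

def is_blocked(name):
    # Only the final extension counts, so "invoice.pdf.exe" is still caught.
    # Trailing dots and spaces are dropped because Windows ignores them.
    name = name.lower().rstrip(". ")
    dot = name.rfind(".")
    return dot != -1 and name[dot:] in BLOCKED_EXT

def blocked_attachments(raw_message):
    """Return the names of attachments that should be blocked."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if is_blocked(name):
            hits.append(name)
        elif name.lower().endswith(".zip"):
            data = part.get_payload(decode=True) or b""
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    inner = [n for n in zf.namelist() if is_blocked(n)]
            except zipfile.BadZipFile:
                inner = ["<unreadable archive>"]  # fail closed
            hits.extend(f"{name}!{n}" for n in inner)
    return hits

def build_sample():
    """Constructed sample: a harmless text file and a ZIP holding a .scr name."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Your statement"
    msg.set_content("Please see the attached statement.")
    msg.add_attachment("hello", filename="notes.txt")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("statement.pdf.scr", b"placeholder bytes, not a program")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="statement.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(blocked_attachments(build_sample()))
```

The check only reads file names, so it is a first filter and does not replace antivirus scanning of the attachment contents.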