Skip to main content
Customer Support Customer Support

GameOver Zeus botnet seized; Two week window to protect yourself, say authorities

Jasper_The_Rasper
Moderator
Forum|alt.badge.img+54
Summary: There's a two-week window to protect your Windows PCs from a botnet aiming to swipe credentials.
 
U.S. authorities---the Department of Homeland Security, Federal Bureau of Investigation and Department of Justice---say they have disrupted the systems of the GameOver Zeus botnet, which allows cybercrooks to steal banking credentials.
The move by authorities means there's a two-week window for enterprises and consumers to protect themselves before a wave of botnets is about to hit. GameOver Zeus (GOZ) operates on a peer-to-peer network that's decentralized and can take over Windows PCs (Windows 95, 98, Me, 2000, XP, Vista, 7, 8 and Windows Server 2003, 2008, 2008 R2 and 2012).
 


GOZ typically infects a machine via a phishing attack and other bogus emails.
 
Full Article
ProTruckDriver
Jasper_The_Rasper
D
16 people like this
  • ProTruckDriver
    ProTruckDriver
  • Jasper_The_Rasper
    Jasper_The_Rasper
  • D
    deanosborne
  • Ssherjj
    Ssherjj
  • TripleHelix
    TripleHelix
  • tasystems
    tasystems
  • mmaner
    mmaner
  • MajorHavoc
    MajorHavoc
  • kleinmat4103
    kleinmat4103
  • Martin.1
    Martin.1
  • F
    franco
  • Kitkat737
    Kitkat737
  • MunkeyMan
    MunkeyMan
  • S
    sitinavra
  • stlshark
    stlshark
  • Jamesharris85
    Jamesharris85

28 replies

Ssherjj
Moderator
Forum|alt.badge.img+62
  • Ssherjj
  • Moderator
  • 21913 replies
  • June 2, 2014
@ , Great to have that security post under my belt! 😉 Another Security posted from ZDNet!
 
 
Is this mostly Gamers?
Windows Insider, iMac 2021 27 in i5 Retina 5, iMac OS Sequoia (15.3.2}, Security: iPads, W 10 & (VM:15), ALIENWARE 17R4, W10 Workstation, ALIENWARE 15 R6, W11, Webroot® SecureAnywhere™ Internet Security Complete (Android Samsung Galaxy Ultra Note 23, Webroot Beta Tester. Security
Jasper_The_Rasper
Moderator
Forum|alt.badge.img+54
No @  it is a strain of malware known as Gameover Zeus used to steal personal and financial data, some strains of it have been known to install Cryptolocker.
Ssherjj
1 person likes this
  • Ssherjj
    Ssherjj
Jasper_The_Rasper
Moderator
Forum|alt.badge.img+54
By Dave Lee Technology reporter, BBC News
 
The US has charged a Russian man with being behind a major cybercrime operation that affected individuals and businesses worldwide.
Evgeniy Bogachev, said to be known as "lucky12345" and "slavik", is accused of being involved in attacks on more than a million computers.
The charges came as authorities seized control of a botnet used to steal personal and financial data.
Computer users were urged to run checks to protect themselves from the threat.
 


 
 
Full Article
 
Ssherjj
jpasternak
2 people like this
  • Ssherjj
    Ssherjj
  • jpasternak
    jpasternak
Ssherjj
Moderator
Forum|alt.badge.img+62
  • Ssherjj
  • Moderator
  • 21913 replies
  • June 2, 2014
Well its a good thing to put a face to the Russian that has hurt millions of computers and the only way to be safe is to stay offline considering the ISPs are affected...Really?
Windows Insider, iMac 2021 27 in i5 Retina 5, iMac OS Sequoia (15.3.2}, Security: iPads, W 10 & (VM:15), ALIENWARE 17R4, W10 Workstation, ALIENWARE 15 R6, W11, Webroot® SecureAnywhere™ Internet Security Complete (Android Samsung Galaxy Ultra Note 23, Webroot Beta Tester. Security
Jasper_The_Rasper
Moderator
Forum|alt.badge.img+54
This is by no means the first time the Zeus Botnet has been closed down since it was first identified in 2007 and is very difficult to detect and take down for good. The Gameover version is slightly different in that although it is based on the Zeus code it is controlled by a group of hackers based in the Ukraine and Russia and used as basically a means to siphon money from accounts and businesses.
This article was published just before the news was released of the takedown of the botnet but it contains some very valuable information.
 
"It will be interesting to hear how the authorities and security researchers involved in this effort managed to gain control over the Gameover botnet, which uses an advanced peer-to-peer (P2P) mechanism to control and update the bot-infected systems.
 
The addition of the P2P component in Gameover is innovation designed to make it much more difficult for security experts, law enforcement or other Internet do-gooders to dismantle the botnet. In March 2012, Microsoft used a combination of legal maneuvering and surprise to take down dozens of botnets powered by ZeuS (and its code-cousin — SpyEye), by seizing control over the domain names that the bad guys used to control the individual ZeuS botnets.
But Gameover would be far trickier to disrupt or wrest from its creators: It uses a tiered, decentralized system of intermediary proxies and strong encryption to hide the location of servers that the botnet masters use to control the crime machine."
 


The infection and peer-to-peer (P2P) communication mechanism of Gameover ZeuS. Image: Abuse.ch
 
Full Article
Ssherjj
jpasternak
2 people like this
  • Ssherjj
    Ssherjj
  • jpasternak
    jpasternak
Ssherjj
Moderator
Forum|alt.badge.img+62
  • Ssherjj
  • Moderator
  • 21913 replies
  • June 2, 2014
@ thank you for clarification! 🙂
Windows Insider, iMac 2021 27 in i5 Retina 5, iMac OS Sequoia (15.3.2}, Security: iPads, W 10 & (VM:15), ALIENWARE 17R4, W10 Workstation, ALIENWARE 15 R6, W11, Webroot® SecureAnywhere™ Internet Security Complete (Android Samsung Galaxy Ultra Note 23, Webroot Beta Tester. Security
Jasper_The_Rasper
1 person likes this
  • Jasper_The_Rasper
    Jasper_The_Rasper
jpasternak
Community Leader
  • jpasternak
  • Community Leader
  • 573 replies
  • June 2, 2014
Jasper, a HUGE Thank You for the heads-up.  I've been off-line most of the day and this is the first I'm hearing of this.  Again, thank you.  Now I need to batten down the hatches on the office PCs and servers.  Oh thrill, Oh joy...:@
— Jeff
Jasper_The_Rasper
Ssherjj
2 people like this
  • Jasper_The_Rasper
    Jasper_The_Rasper
  • Ssherjj
    Ssherjj
Jasper_The_Rasper
Moderator
Forum|alt.badge.img+54
Your welcome Jeff, I am just glad to be of some help.
jpasternak
1 person likes this
  • jpasternak
    jpasternak
jpasternak
Community Leader
  • jpasternak
  • Community Leader
  • 573 replies
  • June 2, 2014
Well, at least she who has the most toys @ doesn't have to worry about her Mac and iPad on this one. 😃
— Jeff
Jasper_The_Rasper
Moderator
Forum|alt.badge.img+54
That is very true Jeff.
Ssherjj
Moderator
Forum|alt.badge.img+62
  • Ssherjj
  • Moderator
  • 21913 replies
  • June 2, 2014
Well I've got 4 PCs by the way ...more toys...
Windows Insider, iMac 2021 27 in i5 Retina 5, iMac OS Sequoia (15.3.2}, Security: iPads, W 10 & (VM:15), ALIENWARE 17R4, W10 Workstation, ALIENWARE 15 R6, W11, Webroot® SecureAnywhere™ Internet Security Complete (Android Samsung Galaxy Ultra Note 23, Webroot Beta Tester. Security
Baldrick
Gold VIP
  • Baldrick
  • Gold VIP
  • 16060 replies
  • June 2, 2014
Hi Jeff
 
I would have thought that you would be well enough protected with WSA installed.  From what I have heard it seems to be the minimally or not protected at all who are suffering (some 15000 PC in the Uk according to the national news tonight).
 
Regards
 
 
Baldrick
Webroot SecureAnywhere Complete Beta Tester v9.0.24.49, imaged by Macrium Reflect v7.2
Shran
jpasternak
2 people like this
  • Shran
    Shran
  • jpasternak
    jpasternak
jpasternak
Community Leader
  • jpasternak
  • Community Leader
  • 573 replies
  • June 3, 2014
Thanks Baldrick.  You're probably right and I may be over-reacting, but I inherited a bit of a mess at  the office.  There never really was a strong IT presence, so, everyone sort of "did their own thing" with respect to AV.  Some folks did not and just merrily clicked away on any link or pop-up that was in front of them.  One of the 3 remaining XP machines had 1,197 PUPs, PUAs and or some other form of malware / virus.  I'm still in shock that it actually booted up.  I'll see how things go tomorrow.
— Jeff
nic
Forum|alt.badge.img+56
  • nic
  • Retired Webrooter
  • 6752 replies
  • June 3, 2014
Some more coverage with a Webroot response here:
http://www.globalsecuritymag.com/Comment-on-GameOver-Zeus-malware,20140603,45423.html
RetiredTripleHelix
Ssherjj
2 people like this
  • RetiredTripleHelix
    RetiredTripleHelix
  • Ssherjj
    Ssherjj
Baldrick
Gold VIP
  • Baldrick
  • Gold VIP
  • 16060 replies
  • June 3, 2014
@ wrote:
Thanks Baldrick.  You're probably right and I may be over-reacting, but I inherited a bit of a mess at  the office.  There never really was a strong IT presence, so, everyone sort of "did their own thing" with respect to AV.  Some folks did not and just merrily clicked away on any link or pop-up that was in front of them.  One of the 3 remaining XP machines had 1,197 PUPs, PUAs and or some other form of malware / virus.  I'm still in shock that it actually booted up.  I'll see how things go tomorrow.
Woah, Jeff...you are just in shock at that.  Kudos to you for just being in shock...I suspect that some might well have had a cardiac arrest given that state of affairs.
 
Hopefully you will soon get them all on the straight and narrow...with WSA's help. of course...;)
 
Regards
 
 
Baldrick
Webroot SecureAnywhere Complete Beta Tester v9.0.24.49, imaged by Macrium Reflect v7.2
Z
New Voice
  • zionstrat
  • New Voice
  • 5 replies
  • June 5, 2014
Hello, I have no virus expertise and tend to get hammered by bad ones all of the time- I have seen the news about GameOver and I have Webroot secure server instaled and wonder if there is anything I need to do specifically? I haven't found any instrustions for testing or running a specific fix and would appreciate any input!
 
Thanks in advance
 
Baldrick
Gold VIP
  • Baldrick
  • Gold VIP
  • 16060 replies
  • June 5, 2014
Hi zionstrat
 
Welcome to the Community Forums.
 
I am not familiar with Webroot Secure Server?  Are you a business user?  If so then you most probably need to be posting over here.
 
And if not then which of the WSA products are you running?  Let us know and we will try to help.
 
Regards
 
 
Baldrick
Webroot SecureAnywhere Complete Beta Tester v9.0.24.49, imaged by Macrium Reflect v7.2
Z
New Voice
  • zionstrat
  • New Voice
  • 5 replies
  • June 6, 2014
Thanks for the response-
 
The product is Webroot secure anywhere, INternet Security Plus 8.0.4.7- BestBuy installed it on my PC after the last attack- 
 
If this isn't the right forum, I'm hoping you might be able to point me in the right direction-
 
Thanks!
ZS
Ssherjj
Moderator
Forum|alt.badge.img+62
  • Ssherjj
  • Moderator
  • 21913 replies
  • June 6, 2014
😃 Yes Welcome zionstrat..https://community.webroot.com/t5/Webroot-SecureAnywhere-Internet/bd-p/WSA-E
 Here ya go!:D
 
 
Also are you around @ for hes good with the BestBuy Help version.
Windows Insider, iMac 2021 27 in i5 Retina 5, iMac OS Sequoia (15.3.2}, Security: iPads, W 10 & (VM:15), ALIENWARE 17R4, W10 Workstation, ALIENWARE 15 R6, W11, Webroot® SecureAnywhere™ Internet Security Complete (Android Samsung Galaxy Ultra Note 23, Webroot Beta Tester. Security
shorTcircuiT
1 person likes this
  • shorTcircuiT
    shorTcircuiT
Rakanisheu Retired
To answer your question no you dont have to do anything, Webroot will look after you automatically. There is no patches or system modifications required for this infection.
Jasper_The_Rasper
Ssherjj
2 people like this
  • Jasper_The_Rasper
    Jasper_The_Rasper
  • Ssherjj
    Ssherjj
Z
New Voice
  • zionstrat
  • New Voice
  • 5 replies
  • June 6, 2014
Great news- Thanks so much! ZS
shorTcircuiT
Gold VIP
Hi @ !  The Best Buy version is essentially identical to WSA-Internet Security Plus.  The main difference is simply that instead of the system analyzer it has the System Optimizer instead.
 
Was WSA does cover Gameover, all that is needed is to make sure WSA is up to date.  The Best Buy versionhas protection equal to all other WSA versions.
Shran
Ssherjj
2 people like this
  • Shran
    Shran
  • Ssherjj
    Ssherjj
Ssherjj
Moderator
Forum|alt.badge.img+62
  • Ssherjj
  • Moderator
  • 21913 replies
  • June 6, 2014
Great clarification...appreciate the comeback...;)
Windows Insider, iMac 2021 27 in i5 Retina 5, iMac OS Sequoia (15.3.2}, Security: iPads, W 10 & (VM:15), ALIENWARE 17R4, W10 Workstation, ALIENWARE 15 R6, W11, Webroot® SecureAnywhere™ Internet Security Complete (Android Samsung Galaxy Ultra Note 23, Webroot Beta Tester. Security
Baldrick
Gold VIP
  • Baldrick
  • Gold VIP
  • 16060 replies
  • June 6, 2014
Hi zionstrat
 
No problem...glad you have received the answer you were looking for...I would have advised the same but your reference to Webroot Secure Server in your original post confused me as I had not heard of that version....and so I was overly cautious...so as to not risk misinforming you as a result. ;) 
 
Regards
 
 
Baldrick
Webroot SecureAnywhere Complete Beta Tester v9.0.24.49, imaged by Macrium Reflect v7.2
shorTcircuiT
1 person likes this
  • shorTcircuiT
    shorTcircuiT
Z
New Voice
  • zionstrat
  • New Voice
  • 5 replies
  • June 6, 2014
I'm amazed at the speed and detail of this forumn- Thanks for the reasurance and much appreciated!
ZS
Baldrick
shorTcircuiT
Jasper_The_Rasper
3 people like this
  • Baldrick
    Baldrick
  • shorTcircuiT
    shorTcircuiT
  • Jasper_The_Rasper
    Jasper_The_Rasper

Reply


Terms & Conditions