Tuesday, 3 June 2014

Cryptolocker and GameoverZeus

National Crime Agency Announcement

On 2 June the UK’s National Crime Agency warned that people have just two weeks to protect themselves against the Cryptolocker ransomware and a strain of the ZeuS (GameoverZeus) password sniffing malware – before both rise from the dead. The FBI disrupted the command and control systems for these pieces of malware, but the National Crime Agency thinks it is only a matter of time before a new command and control system is in place and attackers regain control of the malware.

Andy Archibald, deputy director of the NCA’s National Cyber Crime Unit, offered the following advice, “Our message is simple: update your operating system and make this a regular occurrence, update your security software and use it and, think twice before clicking on links or attachments in unsolicited emails.”

What are Cryptolocker and GameoverZeus?

Both of these pieces of software are malware: GameoverZeus is an advanced financial fraud Trojan and Cryptolocker is an extortion tool. Both are described in detail in the article published by Symantec, http://www.symantec.com/connect/blogs/international-takedown-wounds-gameover-zeus-cybercrime-network, which covers both items of software and how they work, and gives details on removing GameoverZeus.

How does this affect John or Jane Smith?

Over the last two days it has been widely reported in the media (TV, radio, Internet, newspapers) that people have two weeks to protect themselves from the malware, and this is generating concern. A number of my colleagues have asked me about protecting their computers.

An important point to remember is not to panic. There are going to be phishing and malware campaigns designed to socially engineer the panicked individual into downloading malware. These campaigns will offer advice and tools for fighting the oncoming onslaught of malware and will try to get you to open an attachment or visit a website, both of which will infect your machine.

It is important to get people to protect their computers. The advice given by Andy Archibald is sound security advice and should be what everyone is doing.

One of the points in an article published by the Register http://www.theregister.co.uk/2014/06/02/nca_gameoverzeus_cryptolocker_warning/ was that "More than 15,000 computers in Blighty alone have been hit by the ZeuS malware". In terms of infection this is a small proportion of personal computers in the UK. The Office for National Statistics report on "Internet Access - Households and Individuals, 2013" says that in Great Britain, 21 million households (83%) had Internet access in 2013. Although this does not give an accurate count of the computers in the UK, it does indicate that there are tens of millions of computers in households across the UK. The actual infection rate of the Zeus malware is quite small.

It is important that people check their machines for infection. If a machine has been infected, the infection needs to be removed, and Symantec along with the other anti-virus companies have tools to do this. If you are not sure about your own anti-virus, I do recommend using a reputable online anti-malware tool that can be run from a website. Again, all the reputable companies offer this type of software.

Protecting your machine

My advice is to ensure your operating system is updated and patched. The mechanism for doing this varies according to the operating system; for example, for Microsoft Windows 7, typing Windows Update into the search box in the start menu brings up the Update application so you can check for installed updates and see if there are any outstanding. Most operating systems allow a form of silent automatic update for critical issues.

A number of applications will allow you to check for updates: a useful tool is the Secunia Personal Software Inspector (PSI) https://secunia.com/vulnerability_scanning/personal/, which is a free computer security solution that identifies vulnerabilities in non-Microsoft (third-party) programs.

There is a vast selection of anti-virus and anti-malware software available and selection is down to personal preference. We do recommend that you select a reputable piece of software, and the top 100 list produced by Virus Bulletin has a summary of the performance of the most common antivirus/anti-malware software https://www.virusbtn.com/vb100/archive/summary. Selecting any of the software from the top quadrant https://www.virusbtn.com/vb100/RAP/RAP-quadrant-Aug13-Feb14-1200.jpg will protect your machine.

Conclusion

In summary, to protect against malware you need to protect your machine; part of this is not falling for the phishing and malware email campaigns.
  • You need to ensure you are not already infected. There are a number of reputable online scanning tools that don't rely on binaries installed on your machine.
  • If infected, remove the infection. The well-known anti-virus companies have the tools to do this.
  • Install reputable anti-malware from a well-known company.
  • Ensure operating systems, browsers and anti-malware are up to date.
  • Keep the anti-virus definitions up to date.
 
