Tech Talk: Getting Out in Front of Some Nasty Malware

Saturday, June 7, 2014

I have been getting inquiries recently about Cryptolocker and Gameover Zeus (GOZ), largely due to the recent news about the takedown of the GOZ botnet and the filing of criminal charges against the Russia-based leader of the criminal group responsible for this malicious software.

This takedown was remarkable because it required synchronized actions by 10 countries to sever and redirect communications between infected systems and the botnet’s decentralized servers. The result is that 500 thousand to 1 million computers have been freed from the botnet.

But that is not what actually interests or concerns people at this point. It’s more personal than that. Key questions are boiling down to:
“Am I at risk?”
“How do I avoid infection?”
The answers to both of these questions primarily depend on actions by you. And, based on estimates by security experts, you have a limited-time window to protect yourself before this botnet might reappear.

Limited Time?

The takedown of the GOZ botnet has prevented infected computers from communicating with the servers that collect personal or financial information.

If your system happens to be infected by Cryptolocker, the takedown could also be preventing the encryption of your user documents, photos, and files, which would otherwise be held for payment of a ransom.

The UK's National Crime Agency warned on June 2nd that “There is a unique two-week opportunity for internet users to rid and safeguard themselves from the GOZeuS and Cryptolocker malware.” That was nearly a week ago.

Some Background

Gameover Zeus made its appearance in 2011 as a variant of other Zeus-named malware that harvests bank account information. It is a Trojan, a piece of malware that pretends to be one thing but is actually another.

To get into your system, GOZ typically arrives as an email attachment that appears to come from a business or a friend, and it relies on your curiosity: it depends on you to open it. Once activated, it looks for financial information and starts tracking keystrokes to capture login information for your bank or shopping sites.

The results are sent to collection servers so your accounts can be exploited or your purchases rerouted. Over $100 million in losses from businesses and individuals over the past 2 ½ years are attributed to GOZ.

This Is Where It Gets Creepy

Last fall, GOZ started installing Cryptolocker on exploited systems that weren’t providing much financial information. Cryptolocker’s goal is to encrypt all the data on your system with a practically unbreakable scheme. It then pops up a notice saying that you have 72 hours to pay a ransom or the key to your encrypted files will be destroyed. The later you pay, the higher the cost.

And if you don’t pay, there is currently no way to get those files back. According to FBI charging documents, this even happened to a local police department in Massachusetts, which had “its main file server, including administrative documents, investigative materials, and digital photo mug shots, encrypted by Cryptolocker.” The police were forced to pay $750 to regain access to their files.

It’s estimated that Cryptolocker has infected over 230,000 computers in less than a year. At least half of those systems are in the United States.

Sounds pretty dire, doesn’t it? It doesn’t have to be. That depends on what you do now. Thanks to the botnet takedown, we have a narrow window of opportunity to correct this problem and protect your computers and your data. It’s time to get ahead of the bad guys for a change.

And that brings us to your questions…

“Am I at risk?”

You could be. We need to discover whether your computer is impacted or not.

If you have a Mac and don’t have Windows running on the system at all, you’ve ducked the bullet this time. That doesn’t mean that Macs are immune to malware, as I noted in a previous Tech Talk.

Steps to determine if you have GOZ or Cryptolocker:
  1. Make sure your anti-virus program is fully updated and run a virus scan. Select any items found and either quarantine or delete them, depending on your anti-virus program.
  2. Download an additional security scanner to check the system again. Anti-virus programs vary in their detection methods, so a second scanner will often find items the first scan did not. Since these scanners only run when you want them to, there is no resident conflict with your regular anti-virus program. Make sure that the scanner you use is a different brand from your anti-virus program. Here are some free scanner options for you:
  3. Use Windows Update on your version of Windows to check for, download, and install any updates that have not yet been applied to your system. It’s important to eliminate any vulnerability that could be exploited.
If you believe you have been infected, take the following actions after completing the steps above to eliminate the threat.

Change passwords on your computer and on any critical accounts (email, banks and financial institutions, and shopping sites) to reduce any residual effects from the infection.

Review your accounts on these sites, looking for unexpected transactions that you might need to report or contest.

Order copies of your credit reports from to check and appeal any unauthorized activity. This is a free service required by Federal law and provided by TransUnion, Equifax, and Experian. You are entitled to one free report from each credit reporting agency.

Next week, we will address, “How do I avoid infection?”

In the meantime, take advantage of the moment and use the steps above to determine your risk and take action. Remember:

Life is inherently risky. There is only one big risk you should avoid at all costs, and that is the risk of doing nothing.
---Motivational Speaker Denis Waitley

Do you have a follow-up on this topic or a technical question that needs to be answered or explored? Please share it with me at Your question may show up here on Tech Talk.
