GAMEOVER ZEUS
Gameover, also known as Gameover Zeus, is one of the most notorious botnets of recent times, used to grab covert control of innocent users' computers and to "borrow" them to carry out cybercrime on a giant scale.
The best-known criminal functionality of Gameover is probably its banking-related trickery, where it keeps track of what your computer is doing online until you start some sort of financial transaction.
Then the malware comes alive and grabs the personal information that you type in, such as your username and password, and may even be able to intercept the one-time passcode sent by your bank (what is known as two-factor authentication).
Once intercepted, that information is often enough for the crooks to conduct fraudulent transactions, and with estimates that hundreds of thousands of computers were infected with the Gameover "bot" at any time, the crooks made off with millions of ill-gotten dollars.
In fact, the United States Department of Justice (DoJ) suggests that the Gameover crooks have stolen more than $100,000,000 from users in the US alone.
The DoJ also estimates that US users who have lost money to Gameover make up just 25% of victims worldwide, so we could be looking at global losses of up to half a billion dollars.
But that's not all.
The CryptoLocker menace
CryptoLocker is the poster child (a "Wanted" poster, that is) of the ransomware scene, scrambling all your data and then giving you three days to come up with $300 to buy the key to unscramble it.
In the past, we've seen file-encrypting ransomware that could be "counter-cracked", thanks to cryptographic blunders by the crooks, such as leaving temporary copies of the decryption key on your computer, or neglecting to wipe out the original files after scrambling them.
No such luck with CryptoLocker.
Every time an infected computer calls home to one of the CryptoLocker servers, the crooks generate an RSA key pair, consisting of a public and a private key, on the server.
In public-key cryptography, what the public key locks, only the private key can unlock. (And you can't compute the private key from the public key because of the way the mathematics works.)
So the crooks send your computer the public key; their malware locks up your files with it; and that's that: the private key never, ever exists on your computer, neither on disk nor in memory.
If you don't have a backup and you need to decrypt your data, you have no choice but to buy a copy of the private key from the crooks.
The DoJ suggests that the crew behind CryptoLocker raked in $27,000,000 in September and October 2013 alone, in the first two months that the malware was widely reported.
Another measure of the malware's malevolence came from a survey by the University of Kent in England, which concluded (these are eye-watering statistics) that about 1 in 30 Britons had been hit by CryptoLocker, of whom 40% paid over the blackmail money.
McAfee confirms that global law enforcement agencies across 11 countries have announced the disruption of the communications infrastructure for GameOver Zeus and CryptoLocker under the operation known as “Operation Tovar.”
BACKGROUND & IMPACT
GameOver Zeus (also known as P2PZeuS) has been assessed as being responsible for the fraudulent transfer of hundreds of millions of pounds globally. Recent intelligence has suggested that more than 15,500 computers in the UK are currently infected, with many more potentially at risk.
McAFEE RECOMMENDATION
McAfee DAT 7457, released June 2, provides protection against these malware families.
McAfee also strongly recommends and urges customers to use the updated McAfee Stinger tool (http://www.mcafee.com/stinger) to determine if the malware is on any systems and to delete it. The Stinger tool can also be deployed and managed via McAfee ePO.
MORE INFORMATION
McAfee Blog: http://blogs.mcafee.com/mcafee-labs/game-zeus-cryptolocker
US-CERT: https://www.us-cert.gov/ncas/alerts/TA14-150A
Dept. of Justice: http://www.justice.gov/opa/pr/2014/June/14-crm-584.html
Dept. of Justice: http://www.justice.gov/iso/opa/dag/speeches/2014/dag-speech-140602.html