GOzeuS and CryptoLocker spawn masses of help  

The malware pair, already branded as cyber-Armageddon, have also prompted many of the anti-malware vendors to show their public-spirited side and make available free tools to help track down and remove the malefactors before the day of reckoning.


As the world sits and waits to see whether the GOzeuS and CryptoLocker cyber attack, expected to re-emerge in a couple of weeks’ time, really does bring havoc to millions, it is hard for most normal people to get a real sense of perspective on what has happened and what might happen in less than two weeks.

For example, on the one hand some experts are saying there is nothing that can be done to remove the threat, even if we all ensure that we have the latest updates to our anti-virus programs and run them in time. On the other hand, however, most of the anti-virus specialist vendors already have free tools available that will scour your systems to see if these malware threats are present on your computers, and remove them.

So, that’s OK then, isn’t it? Well, as this writer has run one and looked (as instructed) at the log to see the results of its hard work and found not a single character, let alone word, I am at a loss to guess whether this laptop is now ‘safe’, or just a bank robber resting between jobs.

Not surprisingly, of course, the whole affair has spawned acres of expert comment. Here is one of the doom-sayers, Steven Harrison, lead technologist at Exponential-e. 

“Brits cannot defend themselves against GOZeuS and CryptoLocker. The malware double-act will not be stopped in its tracks by individuals updating virus signatures – as the attack will resurface in new clothing. To stop GOZeuS morphing and resurfacing in two weeks, the attack must be fought on a much wider scale and treated as a national cyber defense issue. 

“The disruption of GOZeuS and CryptoLocker by the NSA to provide the British public with a two week window should be applauded. However, there needs to be a shift in how Britain defends against this constant onslaught of attacks of financial, personal or business data.  And, the shift in onus on individuals to protect themselves changed.  

“In this case GOZeuS went undetected as it was passed from one computer to another. This peer-to-peer behaviour would be identified as unusual if you can see the normal behaviour of a workforce, a community or postcode. Only by applying holistic threat detection, that watches the behaviour of a large number of people, can we defend against threats that resurface in a different uniform or attack us for the first time. This must happen at the ISP layer and be provided as a service.” 

The international crisis management firm red24 offered information on how to deal with the new computer viruses, which have already been responsible for computer users worldwide losing an estimated £60 million.

“The threat of cybercrime is nothing new, but this is a credible threat to anyone who uses Windows software, whether for personal or professional use,” said head of consultancy at red24, Steven Thompson. “Personal users will be particularly vulnerable and should take appropriate measures.

“That is why we are offering this information, so that everyone, whether they are a red24 customer or not, can protect themselves and their personal information. Being given this two-week window is absolutely vital in the fight against these viruses. It is critical that people with computers use this time wisely to make their PCs safe, and that they are aware of the risks involved with the malware.”

Once opened, GOZeuS effectively allows the malware's creators to control the infected computer remotely. The malware can allow criminals to view files, monitor usage and send communications from the computer, including online banking transactions, personal details and online shopping. It may even be used to turn a webcam on remotely in order to physically monitor the user.

CryptoLocker
This ransomware prevents the user from opening files on their own computer, effectively locking it. A pop-up screen then appears which shows a countdown timer and informs the user that their computer has been locked. A payment of one Bitcoin (currently £200-300 approximately) is demanded from the user. However, even if this ransom is paid, there is no guarantee that the computer will be unlocked. CryptoLocker is often used as a back-up in case GOZeuS fails to work.

There are a number of steps that can be taken to limit the risk of a computer being infected by this malware. These include ensuring that all anti-virus software is up to date, including patches from existing providers, and checking the validity of links and email attachments before opening them. Be particularly aware of phishing emails, and use one of the free tools listed below, provided by various software companies via Get Safe Online, to scan for the malware on your computer:

Symantec, F-Secure, F-Secure Rescue CD, Sophos, Heimdal Security, McAfee, Trend Micro

 
