Internet users need to protect themselves against the GameOver Zeus and CryptoLocker viruses being used by criminal gangs to extort millions of pounds, US and UK security agencies announced on Monday.
The warning came after the FBI successfully disrupted a major cybercriminal network in the US that was using the viruses to infect computers and steal data.
GameOver Zeus, also known as P2PZeuS, was designed by Russian and Ukrainian gangs to find and harness computer files that give access to banking and financial information, while CryptoLocker encrypts all files on a target’s computer and demands the user pays around £300 to unlock them.
Almost 250,000 computers worldwide have been infected with CryptoLocker since it emerged in April and it has so far been used to extort payments of more than $27m (£16m), according to the FBI.
Industry experts have been quick to back up the stern message from the National Crime Agency, whose advice to visit internet awareness group Get Safe Online’s website led to the site going down for 15 hours.
Below are some methods experts recommend to protect yourself from GameOver Zeus and CryptoLocker, and to remove them if you suspect your computer is infected.
Protect your passwords
Unencrypted passwords should not be stored on your computer in case they are found by GameOver Zeus or another similarly aggressive malware programme, recommends Hugh Boyes, the head of the cyber security team at the Institution of Engineering and Technology (IET).
“If there is a need to store passwords, then use a good password manager application, which backs up and shares with your smartphone or tablet computer.”
Beware of suspicious emails
Do not open email attachments unless you are certain they are authentic. Potentially harmful emails generally have some or all of the following characteristics, according to Get Safe Online:
- You don’t know the sender.
- The message contains misspellings (for example using a zero instead of an ‘o’) designed to fool spam filters.
- It makes an offer that seems too good to be true.
- The subject line and contents do not match.
- Contains an urgent offer end date (for example “Buy now and get 50% off”).
- Contains a request to forward an email to multiple people, and may offer money for doing so.
- Contains a virus warning.
- Contains attachments, which could include .exe files.
Back up your files
All of your files, including photos and documents, should be regularly saved to an external piece of hardware, such as a USB stick or an external hard drive. This means they will not be lost if your computer is attacked, or if it breaks.
Update your computer programmes – especially anti-virus software
The NCA has advised that people ensure their security software is installed and updated, and that they run scans. Users should also check that their computer operating systems and applications in general are up to date.
Microsoft users can do this by using the ‘Check for Updates’ function on Windows Update, while Mac users can go to ‘Software Update’ on the System Preferences menu.
We have found that the Trojan seems to be using ports TCP 22222 and UDP 11111 to propagate through your network. As such, for the less technical people, I have created an executable that will close the ports in/out.
For those who wish to do this manually, copy the below text into a command prompt:
netsh advfirewall firewall add rule name="ZeusGameOver" protocol=TCP dir=out remoteport=22222 action=block
netsh advfirewall firewall add rule name="ZeusGameOver" protocol=UDP dir=out remoteport=11111 action=block
netsh advfirewall firewall add rule name="ZeusGameOver" protocol=TCP dir=in remoteport=22222 action=block
netsh advfirewall firewall add rule name="ZeusGameOver" protocol=UDP dir=in remoteport=11111 action=block
This will create four rules called ZeusGameOver. If you wish to remove the rules for any reason, paste the line of text below into the command line.
netsh advfirewall firewall delete rule name="ZeusGameOver"
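Once the block rules are in place, the Windows Firewall log can show which machines are still trying to use those ports. The Python below is an added example, not part of the original article: it assumes dropped-packet logging is enabled, reads a constructed sample in the pfirewall.log layout, and its function names are illustrative.

```python
from collections import Counter

# Ports named in the article, keyed by protocol (kept as strings to match log fields).
WATCHED = {"TCP": "22222", "UDP": "11111"}

# Constructed sample in the Windows Firewall log layout; not real traffic.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2014-06-03 10:15:02 DROP TCP 192.168.1.20 203.0.113.7 49152 22222 0 - 0 0 0 - - - SEND
2014-06-03 10:15:04 DROP UDP 192.168.1.20 198.51.100.9 51000 11111 0 - - - - - - - SEND
2014-06-03 10:15:09 ALLOW TCP 192.168.1.31 203.0.113.80 49200 443 0 - 0 0 0 - - - SEND
2014-06-03 10:16:11 DROP UDP 198.51.100.44 192.168.1.31 11111 53122 0 - - - - - - - RECEIVE
2014-06-03 10:16:30 DROP TCP 192.168.1.31 203.0.113.7 49300 11111 0 - 0 0 0 - - - SEND
"""

def parse(log_text):
    """Turn log lines into dicts keyed by the names in the #Fields header."""
    fields, rows = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):  # skip truncated or malformed lines
                rows.append(dict(zip(fields, parts)))
    return rows

def blocked_hits(rows):
    """Dropped packets whose remote port and protocol match the block rules."""
    hits = []
    for r in rows:
        outbound = r["path"] == "SEND"
        # The rules use remoteport: destination when sending, source when receiving.
        remote_port = r["dst-port"] if outbound else r["src-port"]
        local_ip = r["src-ip"] if outbound else r["dst-ip"]
        if r["action"] == "DROP" and WATCHED.get(r["protocol"]) == remote_port:
            hits.append((local_ip, r["protocol"], remote_port, r["path"]))
    return hits

def hosts_by_hits(hits):
    """Local addresses ranked by number of blocked packets."""
    return Counter(ip for ip, *_ in hits).most_common()

if __name__ == "__main__":
    for ip, n in hosts_by_hits(blocked_hits(parse(SAMPLE_LOG))):
        print(f"{ip}: {n} blocked packet(s) on the watched ports")
```

A machine that keeps appearing in this list after the rules are applied is a candidate for the anti-virus scan described above; the TCP packet to port 11111 in the sample is deliberately not counted because the rules pair each port with one protocol.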
Current Status and Infection Rate