Follow_us_on_Twitter_180x180

proUpdate

Free SMTP


Free mail relay service withOutMail


GOZeus Botnet is taken down

An international operation led by the FBI had taken control of the GameOver Zeus (GOZeuS) and CryptoLocker botnets, a network of captured computers used to steal millions of dollars from individuals and small businesses around the world.

Cyber police agencies from across the globe announced they had seized control over the weekend of two computer networks that had been used to steal banking information and ransom information locked in files on infected computers. But they warned people with infected computers to take action now to prevent further attacks.

Authorities named Russian national Evgeniy Bogachev (online user ID of "lucky12345" and "slavik") as the face of a malicious software scheme responsible for stealing millions from people around the world.

GOZeuS (GameOver Zeus) and CryptoLocker

Users are typically infected by clicking on attachments or links in emails which may look like they have been sent by genuine contacts and may purport to carry invoices, voicemail messages, or any file made to look innocuous. These emails are generated by other victims' computers, who do not realise they are infected, and are used to send mass emails creating more victims.

If the file or link is clicked on an unprotected computer, GOZeuS is downloaded and installed and it will then link the victim's computer to a network of already-infected machines, known as a BotNet.

The malware waits silently, monitoring the user's activity until the opportunity arises to capture banking or other private information, which is then transmitted back to the criminals via the BotNet infrastructure.

Where a computer infected with GOZeuS turns out not to offer a significant financial reward, it can 'call in' CryptoLocker, to give the criminal controllers a second opportunity to acquire funds from the victim.

CryptoLocker works unseen in the background, encrypting the user's files. Once that process is complete, the victim is presented with a pop-up telling them what has happened and a timer appears on their screen, which starts counting down. That is the time the victim has in order to pay a 'discounted' ransom, currently one Bitcoin (£200-£300 approximately) for UK users.

cryptolocker and gozeus botnet

What's the sensible solution?

It all starts with good patch management. Ensure your servers, desktops and portable devices get regular software and OS updates. If you don't keep your machines updated then you are opening yourself and your business to an array of well-known exploits and vulnerabilities. We at Prolateral can't emphasise enough, "Patch patch and patch".

So your patching your devices, great. Next step is to ensure you are running a good anti-virus and malware scanner on the desktops and servers.  Don't just rely on the realtime scanning, make sure you schedule full AV Scans on a regular basis.

After that you should the question, "How good is my router". Check your router (most likely provided by your ISP) has a good firewall, its configured correctly and tested that it does the job. Higher end firewalls will also include DOS and DDOS protection.

You've know checked the boxes for the basic level of protection, but your firewall is letting in email otherwise you wouldn't get any messages. Looking at a solution like profilter a hosted anti-spam filter, means your messages coming in will be clean and scanned before they even hit your network.

Operations Director Ian Chilvers said, "Those committing cyber crime impacting the UK are often highly-skilled and operating from abroad. To respond to these type of threats it is important to keep your computers updated and using good virus & malware scanning tools along with all the usual network border protection like firewalls, etc."

Ian added further, "If I asked you to put a price on the information your computer or network has stored and the cost of potentially losing it all verses the cost of a good security protection solution then it's a no brainer really".

Profilter

Profilter is a hosted spam filter solution which filters emails from users with their own domain names and servers to just users with a single mailbox. With a management interface enabling the user to be in total control of their emails and messaging security.

More information can be found at www.prolateral.com/profilter

Interesting links

Prolateral can help you

If you think you have been affected by this problem and need help then give us a call. Prolateral Consulting is an IT Security company specialising in the protection of your computer systems. Prolateral is solution partners with Symantec and eSet to help provide you the best of breed solution that is tailored to fit your business requirement.  Together with proFilter, Prolateral's first rate anti-spam and anti-phishing email filter (as known as spam email filtering) we have the complete solution.

About Prolateral

Prolateral Consulting is in business to put your organisation back in control of your own Information Technology, specialising in information and messaging security, computer forensic services, and disaster recovery planing.

Contact Info

Prolateral Consulting Ltd
Luton, Bedfordshire, UK
Tel : +44 (0) 8450 763760
Email : This e-mail address is being protected from spambots. You need JavaScript enabled to view it

Instant Information request

Please complete the request for information if you wish to discuss matters further or if your needs are more urgent then you can request a call back from us.