Posts

GameOver Zeus Virus Test

,

The original notice on GameOver Zeus appeared on the US-CERT site. If you’d like to go directly to the tests for the GameOver Zeus virus, scroll down.

Overview of GameOver Zeus

GameOver Zeus (GOZ), a peer-to-peer (P2P) variant of the Zeus family of bank credential-stealing malware identified in September 2011, [1] uses a decentralized network infrastructure of compromised personal computers and web servers to execute command-and-control. The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ), is releasing this Technical Alert to provide further information about the GameOver Zeus botnet.

Systems Affected by GameOver Zeus Virus

  • Microsoft Windows 95, 98, Me, 2000, XP, Vista, 7, and 8
  • Microsoft Server 2003, Server 2008, Server 2008 R2, and Server 2012

Impact of GameOver Zeus

A system infected with GOZ may be employed to send spam, participate in DDoS attacks, and harvest users’ credentials for online services, including banking services.

Solutions to GameOver Zeus

Users are recommended to take the following actions to remediate GOZ infections:

  • Use and maintain anti-virus software – Anti-virus software recognizes and protects your computer against most known viruses. It is important to keep your anti-virus software up-to-date.
  • Change your passwords – Your original passwords may have been compromised during the infection, so you should change them
  • Keep your operating system and application software up-to-date – Install software patches so that attackers can’t take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it
  • Use anti-malware tools – Using a legitimate program that identifies and removes malware can help eliminate an infection. Users can consider employing a remediation tool (examples below) that will help with the removal of GOZ from your system.

F-Secure      

http://www.f-secure.com/en/web/home_global/online-scanner(link is external) (Windows Vista, 7 and 8)

http://www.f-secure.com/en/web/labs_global/removal-tools/-/carousel/view/142(link is external) (Windows XP)

Heimdal

http://goz.heimdalsecurity.com/(link is external) (Microsoft Windows XP, Vista, 7, 8 and 8.1)   

McAfee

www.mcafee.com/stinger(link is external) (Windows XP SP2, 2003 SP2, Vista SP1, 2008, 7 and 8)

Microsoft

http://www.microsoft.com/security/scanner/en-us/default.aspx(link is external) (Windows 8.1, Windows 8, Windows 7, Windows Vista, and Windows XP)

Sophos

http://www.sophos.com/VirusRemoval(link is external) (Windows XP (SP2) and above) 

Symantec

http://www.symantec.com/connect/blogs/international-takedown-wounds-gameover-zeus-cybercrime-network(link is external) (Windows XP, Windows Vista and Windows 7)

Trend Micro

http://www.trendmicro.com/threatdetector(link is external) (Windows XP, Windows Vista, Windows 7, Windows 8/8.1, Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2)

FireEye and Fox-IT

www.decryptcryptolocker.com(link is external) FireEye and Fox-IT have created a web portal claiming to restore/decrypt files of CryptoLocker victims. US-CERT has performed no evaluation of this claim, but is providing a link to enable individuals to make their own determination of suitability for their needs. At present, US-CERT is not aware of any other product that claims similar functionality.

The above are examples only and do not constitute an exhaustive list. The U.S. Government does not endorse or support any particular product or vendor.

References

Revisions

  • Initial Publication – June 2, 2014
  • Added McAfee – June 6, 2014
  • Added FireEye and Fox-IT web portal to Solutions section – August 15, 2014

 

John Sileo is an an award-winning author and keynote speaker on cyber security and data breach. He specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Honeymoon Over: Flashback Trojan Infects Apple

, ,

(and what you can do about it)

For years, Apple Mac users have been able to smugly preach security supremacy over fellow Windows users. Apple computers were less susceptible to viruses because they accounted for such a small share of hack-able devices. With the explosive growth of Mac laptops, iPads and iPhones, that honeymoon is all but a nostalgic memory. Apple’s Mac OS X no longer has impunity from virus infection. For the second time in the last year, Apple’s OS X has been successfully breached by malware. Here are the details, and steps you MUST take to protect yourself:

Flashback Trojan Facts:

  • The Flashback Trojan has currently infected more than 600,000 Macs.
  • Flashback is a ‘drive-by’ virus, meaning users only have to visit a site that exploits the flaw; you don’t have to download anything to be at risk.
  • The flaw exploits weaknesses in Java coding, an fairly essential and widely used web browsing tool.
  • First, the Trojan loads software onto your system that directs victims to additional malware.
  • Once the malware is installed, the Trojan steals passwords and banking info from Safari.

Tips for Protecting Your Mac:

  • Immediately download and install all Apple updates and security patches (the latest of which corrects the Java flaw).
  • Configure your system to download and install security and software updates automatically as they are released.
  • Make sure you are using the Apple version of Java that is patched for this virus (Java 6 update 31 or greater).
  • Consider installing ant-virus software or a security suite on your Apple computer, much like would on your Windows systems.
  • Check to see if your Mac has been infected with the Flashback Trojan.
  • If you suspect that your Mac has been infected, visit F-Secure’s website and follow its removal instructions.
  • For casual users, consider doing away with Java all together. The Web itself provides the processing power previously provided by Java.
  • Don’t fall prey to the belief that as a Mac user, you are immune to viruses, trojans and malware. Actually, you are probably now more exposed than Windows users, who have been building their defenses for years.

The Apple virus-free honeymoon has been long and satisfying. But as with all relationships, it’s time for you move into a more mature, long lasting companionship.

John Sileo is an award-winning author and speaker on protecting the sensitive data that makes your business run (even the data you access on your iPad, iPhone or Macbook). He is the CEO of The Sileo Group, which advises clients on defending privacy and leveraging trust. His clients included the Pentagon, Pfizer & Homeland Security. Sample his keynote presentations or appearances on 60 Minutes, Anderson Cooper & Fox. 1.800.258.8076.

iPad Vampires: 7 Simple Security Settings to Stop Data Suckers

, ,

Information is the currency and lifeblood of the modern economy and, unlike the industrial revolution, data doesn’t shut down at dinnertime. As a result, the trend is towards hyper-mobile computing – smartphones and tablets – that connect us to the Internet and a limitless transfusion of information 24-7. It is an addiction that employers encourage because it inevitably means that we are working after hours (scanning emails in bed rather than catching up with our spouse).

In the work we do to change the culture of privacy inside of organizations, we have discovered a dilemma: iPads are not as secure as other forms of computing and are leaking significant amounts of organizational data to corporate spies, data thieves and even competing economies (China, for example, which would dearly love to pirate the recipe for your secret sauce). Do corporations, then, sacrifice security for the sake of efficiency, privacy for the powerful touch screens that offer a jugular of sensitive information?

Of course not! That’d be like driving a race car minus seat belts and air bags.

iPads provide a competitive advantage, and like generations of tools before it (the cotton gin, the PC), individuals and organizations alike will be forced to learn how to operate this equipment safely or risk the bite of intellectual property vampires. Here are 7 Simple Security Settings to help you lock down your iPad much like you would your laptop.

7 Simple Security Settings for Your iPad

  1. Turn On Passcode Lock. Your iPad is just as powerful as your laptop or desktop, so stop treating it like a glorified book. Your iPad is only encrypted when you enable the passcode feature. (Settings/General)
  2. Turn Simple Passcode to Off. Why use only an easy to crack 4-digit passcode when you can implement a full-fledged alphanumeric password? If you can tap out short emails, why not spend 5 seconds on a proper password.
  3. Require Passcode Immediately. It is slightly inconvenient and considerably more secure to have your iPad automatically lock up into passcode mode anytime you leave it alone for a few minutes.
  4. Set Auto Lock to 2 Minutes. Why give the table thief at your favorite café more time to modify your settings to his advantage (to keep it from locking) as he walks out the door with your bank logins, emails and kid pictures.
  5. Turn Erase Data after 10 Tries to On. Even the most sophisticated passcode-cracking software can’t get it done in 10 tries or less. This setting wipes out your data after too many failed attempts. Just make sure your kids don’t accidentally wipe out your iPad (forcing you to restore from your latest iTunes backup).
  6. Use a Password Manager. Your passwords are only as affective as your ability to use them wisely (they need to be long and different for every site). Keeping your passwords in an unencrypted keychain or document is a recipe for complete financial disaster. Download a reputable password-protection app like 1Password to manage and protect any sensitive passwords, credit card numbers, software licenses, etc. Not only is it safe, it’s incredibly convenient and efficient.
  7. Avoid Untrustworthy Apps. Not all applications are friendly. Despite Apple’s well-designed vetting process, there are still malicious apps that slip through the cracks to siphon data out of your device. If the app hasn’t been around for a while and if you haven’t read about it in a reputable journal (Macworld, Wall Street Journal, New York Times, etc.), don’t load it onto your system. Don’t jail-break your iPad to download apps outside of iTunes. Short-term gain equals long-term risk.

Believe it or not, these simple steps begin to give you a level of security that will discourage casual data vampires. After implementing the Simple 7, move on to 5 Sophisticated Security Settings for iPads for even more robust data defense.

John Sileo lost almost a half-million dollars, his business and his reputation to identity theft. Since then, he’s become America’s leading keynote speaker on identity theft, social media exposure and weapons of manipulation. He helps organizations build successful cultures of privacy. His clients include the Department of Defense, Pfizer and Homeland Security. To learn more, visit ThinkLikeASpy.com or contact him directly on 1.800.258.8076.