Malware Alert: GameOver Zeus (GOZ)

[theGinsue]

Got this at work today and thought it would be good to pass it on to everyone here.

Let's not have this turn into a "This is why I use an Apple/Mac" thread. Take it for what it's worth.

There is a new malware in cyberspace called "GameOver Zeus (GOZ)". This malware spreads to a user's machine via a phishing attack and other bogus emails.

This malware affects all versions of Windows that are used at home and at work (i.e., Windows 95 thru Windows 8) and all Windows Server versions.

Overview

GameOver Zeus (GOZ), is a peer-to-peer (P2P) variant of the Zeus family of bank credential-stealing malware identified in September 2011, [1] uses a decentralized network infrastructure of compromised personal computers and web servers to execute command-and-control. The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ), is releasing this Technical Alert to provide further information about the GameOver Zeus botnet.

Impact

According to U.S.-CERT, a system that is infected with GOZ joins the botnet and is employed to send spam, participate in DDoS attacks, and harvest users' credentials for online services, including banking services. To prepare, U.S.-CERT recommends that antivirus software is used and maintained, passwords are changed and patches are updated.

Solution

Users are recommended to take the following actions to remediate GOZ infections:

-- Use and maintain anti-virus software - Anti-virus software recognizes andprotects your computer against most known viruses. It is important to keep your anti-virus software up-to-date.

-- Change your passwords - Your original passwords may have been compromisedduring the infection, so you should change them often.

-- Keep your operating system and application software up-to-date - Install software patches so that attackers can't take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it.

-- Use anti-malware tools - Using a legitimate program that identifies and removes malware can help eliminate an infection. Users can consider employing a remediation tool that will help with the removal of GOZ from your system.

Please protect yourself at home and at work by not opening or viewing any suspicious emails.

[Ronin13]

Thanks for posting this... And remember, if you don't recognize the sender: DON'T OPEN THE EMAIL!

[asmo]

There is ~100 'new' malware variants a week.. Why do we give this one special love?

[HoneyBadger]

There is ~100 'new' malware variants a week.. Why do we give this one special love?

Because it has been very successful. The phishing and spear phishing attempts have been difficult to discern from legitimate emails and websites. Also, as stated above, it turns your computer into a slave and steals your banking info.

Don't open emails you aren't expecting. After you open those emails (I told you not to!) DO NOT open any attachments or links from that email!

Completely independent of this, it's a really good idea to change ALL of your passwords more than once a year, and don't use the same password for multiple accounts.