How To Avoid The Gameover Zeus Malware Attack

It's little wonder that computer experts are warning that computer users could be experiencing "notification fatigue" after the past few weeks. But even if you're feeling overwhelmed following the Heartbleed bug and security breaches at eBay, you should take some simple steps to protect yourself from Gameover Zeus if you use Microsoft Windows.

Picture: Eddi van W.

Why two weeks?

Gameover Zeus is an extremely sophisticated piece of malware uncovered by a huge international investigation. A criminal network has a botnet, or a distributed network of computers, all working together. Your computer could be part of this distributed system without you knowing it. You may have inadvertently downloaded a trojan turning your computer into a zombie or you may have clicked on a link or attachment in an email that looked legitimate but was actually a route for the trojan to be downloaded.

Once your computer is compromised, it works as part of a large hive (the botnet) to infect other computers, scanning them for any documents that contain financial or other interesting information.

If it doesn't find any financial information, it installs Cryptolocker, which locks the content of your computer and threatens to delete it forever unless you pay a ransom.

On June 2, The FBI, Europol and the UK's National Crime Agency announced that they had identified the source of Gameover Zeus. They say that Windows users should install protection in the next two weeks to stay safe. This is based on the amount of time the FBI and co think they can hold the upper ground against the cybercriminals.

The agencies have taken down the central server that control the botnet but it is assumed that within two weeks, a typical cybercriminal enterprise can regroup, reprogram its attack and start attacking again.

The FBI has named Russian citizen Evgeniy Bogachev as its main suspect but he remains at large and it is not clear how many others are involved.

What should you do?

If you don't use Windows, you can sit comfortably and do nothing. But the majority of desktop and laptop computer systems sold worldwide do. Gameover Zeus also affects Microsoft Servers, which is used in many organisations.

If you already have anti-malware software, update it and check with your anti-malware provider. If you do not have any anti-malware applications, you must install one. Free applications such as AVG and Malwarebytes are good options.

The FBI is also advising people to change their passwords. This is the third or fourth time you'll have heard this advice in as many weeks, so you may indeed be feeling fatigue.

This time though, internet service providers have a decent idea of who is implicated because the security agencies know where the network traffic is going. ISPs will be contacting customers known to have been affected by either letter or email. If you get such a communication, you must act.

I would not leave it for two weeks either. The cybercriminals involved may regroup considerably sooner.The Conversation

Andrew Smith is Lecturer in Networking at The Open University. He does not work for, consult to, own shares in or receive funding from any company or organisation that would benefit from this article, and has no relevant affiliations.

This article was originally published on The Conversation. Read the original article.


    We recently experience something like this (April).

    Ransomware was installed on our systems, deleting all files and replacing them with *.poshkoder at the end of every file. It also seemed to spread like wildfire as well (to other computers)

    Is this related? Is there any idea how it is actually being spread?

      Poshkoder is nearly always spread by office files with macros enabled.

    Lifehacker has previously stated that Security Essentials, the defender software bundled with Windows 8 and downloadable in previous versions, is sufficient protection on Windows-based systems. Is this still the case or is anti-malware software required in addition?

      I may be wrong, but I think even Microsoft themselves said that MSE is no longer enough protection.

    On the AVG website, there's a pesky asterisk next to the word "Free". Apparently, it's a 30 day free trial.

    The MalwareBytes site wants you to upgrade to a paid Premium version, but at least it won't demand money in 30 days. Kind of like the cryptolocker mentioned in the article, only threatening to leave your PC vulnerable to attack.

      There's also a completely free version of AVG with less features.

    No, I think there's still a free version of AVG: I could be wrong, didn't try it out by installing.

Join the discussion!

Trending Stories Right Now