This alert was issued by NCCIC on 2nd of June but only affects windows based systems
National Cyber Awareness System:
TA14-150A: GameOver Zeus P2P Malware
06/02/2014 08:15 AM EDT
Original release date: June 02, 2014
Systems Affected
Microsoft Windows 95, 98, Me, 2000, XP, Vista, 7, and 8
Microsoft Server 2003, Server 2008, Server 2008 R2, and Server 2012
Overview
GameOver Zeus (GOZ), a peer-to-peer (P2P) variant of the Zeus family of bank credential-stealing malware identified in September 20111, uses a decentralized network infrastructure of compromised personal computers and web servers to execute command-and-control. The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ), is releasing this Technical Alert to provide further information about the GameOver Zeus botnet.
Description
GOZ, which is often propagated through spam and phishing messages, is primarily used by cybercriminals to harvest banking information, such as login credentials, from a victim’s computer2. Infected systems can also be used to engage in other malicious activities, such as sending spam or participating in distributed denial-of-service (DDoS) attacks.
Prior variants of the Zeus malware utilized a centralized command and control (C2) botnet infrastructure to execute commands. Centralized C2 servers are routinely tracked and blocked by the security community1. GOZ, however, utilizes a P2P network of infected hosts to communicate and distribute data, and employs encryption to evade detection. These peers act as a massive proxy network that is used to propagate binary updates, distribute configuration files, and to send stolen data3. Without a single point of failure, the resiliency of GOZ’s P2P infrastructure makes takedown efforts more difficult1.
Impact
A system infected with GOZ may be employed to send spam, participate in DDoS attacks, and harvest users’ credentials for online services, including banking services.
Solution
Users are recommended to take the following actions to remediate GOZ infections:
Use and maintain anti-virus software – Anti-virus software recognizes and protects your computer against most known viruses. It is important to keep your anti-virus software up-to-date (see Understanding Anti-Virus Software for more information).
Change your passwords – Your original passwords may have been compromised during the infection, so you should change them (see Choosing and Protecting Passwords for more information).
Keep your operating system and application software up-to-date – Install software patches so that attackers can’t take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it (see Understanding Patches for more information).
Use anti-malware tools – Using a legitimate program that identifies and removes malware can help eliminate an infection. Users can consider employing a remediation tool (examples below) that will help with the removal of GOZ from your system.
F-Secure
http://www.f-secure.com/en/web/home_global/online-scanner (Windows Vista, 7 and 8)
http://www.f-secure.com/en/web/labs_global/removal-tools/-/carousel/view/142 (Windows XP systems)
Heimadal
http://goz.heimdalsecurity.com/ (Microsoft Windows XP, Vista, 7, 8 and 8.1)
Microsoft
http://www.microsoft.com/security/scanner/en-us/default.aspx (Windows 8.1, Windows 8, Windows 7, Windows Vista, and Windows XP)
Sophos
http://www.sophos.com/VirusRemoval (Windows XP (SP2) and above)
Symantec
http://www.symantec.com/connect/blogs/international-takedown-wounds-gameover-zeus-cybercrime-network (Windows XP, Windows Vista and Windows 7)
Trend Micro
http://www.trendmicro.com/threatdetector (Windows XP, Windows Vista, Windows 7, Windows 8/8.1, Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2)
The above are examples only and do not constitute an exhaustive list. The U.S. Government does not endorse or support any particular product or vendor.
References
Highly Resilient Peer-to-Peer Botnets Are Here: An Analysis of Gameover Zeus
Malware Targets Bank Accounts
The Lifecycle of Peer-to-Peer (Gameover) ZeuS
Revision History
Initial Publication
“Hello mates, nice post and good arguments commented here, I am in fact_ enjoying by these.”
Maybe you should check out http://www.repairsurge.amazon-certified.com , it has some manuals and stuff
I have interest in this, danke.
Oh my goodness! Incredible article dude! Thanks, However I
am going through problems with your RSS. I don’t know why I am unable to join it.
Is there anybody having identical RSS issues? Anybody who knows the solution will
you kindly respond? Thanks!!
I’m amazed, I must say. Seldom do I encounter a blog that’s equally educative and interesting, and without a doubt, you’ve hit the nail on the head.
The problem is something that not enough men and women are speaking intelligently about.
I’m very happy that I came across this in my hunt for something concerning this.
My relatives all the time say that I am wasting my time here at web, except I know I am getting familiarity all
the time by reading thes nice posts.