It’s good to see national press coverage of two particularly nasty pieces of malware, Cryptolocker and GameOver Zeus. The PR machines of the FBI and the UK’s National Crime Agency have clearly been working smoothly.
Law enforcement has apparently disabled the botnet behind the malware, albeit only for two weeks, when they say hackers will have it up and running again. They’ve warned that this gives people a grace period to get their computers protected. And it’s this that makes the headlines.
> See also: Cyber security for dummies
The reality is that these pieces of malware have actually been around for some time and they are insanely dangerous. These particular samples are very evolved and in many cases if they manage to get installed on a system, money will be surely lost and removal will be very difficult.
For Cryptolocker the hackers demand payment in Bitcoins which means that anyone who gets infected has to dive into the Bitcoin world and convert money to Bitcoins. The ransom sits at about $300. And then there’s no guarantee that files will be decrypted.
The really nasty thing about Cryptolocker is that it is actually a super tough encryption so much so that cracking it is next to impossible even for some of the world’s most powerful computers.
While the FBI and NSA didn’t go into detail about their disabling technique, they’ve probably taken down the command and control servers that Cryptolocker uses. When the malware gets onto a computer before it does anything it sends a message to a server. The server then sends a message back to begin encrypting files.
The two week period that the FBI and NSA refer to is likely a reference to the time it takes for the virus to ‘cycle’ to new servers. If anybody is infected during this two week period they’re relatively safe because the servers are out of action. That said, if they’re not using antivirus software, which will pick up and remove the virus, when new command and control servers are in action the virus will start encrypting files.
GameOver Zeus is related to Cryptolocker in that as well as plundering banking details, it provides a back door which is one of the ways Cryptolocker infects computers. However, it typically propagates as an attachment in an email. Cryptolocker was first discovered in 2013 and as is usually the way in the world of malware, it has spawned a number of clones which closely mimicked its behaviour.
GameOver Zeus is a variant of the Zeus family of malware and is a common password-stealing Trojan. Zeus was first identified in 2007 and has been quite prolific. GameOver Zeus was the most active banking Trojan in 2013 and it’s estimated that it has infected up to 1 million computers. The FBI says it’s responsible for more than $100 million in losses.
> See also: Heartbleed: don’t blame open source, blame the people
It’s good to see these malware strains being tackled by cyber law enforcement. They’re certainly aware of the threats that malware causes because they often have to pick up the pieces. Hopefully, the headline coverage will raise people’s awareness about the need to protect their computers, for it’s an absolute certainty that new strains of equally virulent malware will appear in the near future.
Headline coverage by its very nature amplifies issues and given the potential damage that Cryptolocker and GameOver Zeus can visit on computers it would be easy to panic a bit. However, if you’ve got good Internet Security, you’ve got nothing to worry about. These malware strains will be picked up and stopped even when they’re back up and scouring the internet for vulnerable computers.