There has been much press about the interception of a botnet controlling Trojans such as GameOver Zeus, but as the excitement and hype die down the reality sets in.
The reality, in this author's opinion, is that if your machine has already been infiltrated by GameOver Zeus or other such Trojans, it is frankly a bit late to worry about it now! Your bank details will have already been hoovered up and transmitted to unscrupulous individuals, along with passwords and other personal data. This week's press reports fundamentally change nothing.
As we always say to our clients, 'data is the new gold'.
Obtaining personal data from unsuspecting victims' computers requires relatively little effort, and the harvested information is incredibly valuable. Better still, it can be traded in the darker corners of the Internet for digital or hard currency, whereas oil and gold require incredible effort to obtain and yield lesser relative returns.
Yes, one could argue that most oil and gold is legally obtained, although there are illegal sources of gold (e.g. North Korean gold) and of other rare materials such as diamonds (e.g. conflict diamonds). Nonetheless, it is essentially true that personal data is simply easier to mine and yields a better return.
So how can you protect yourself?
The advice given out includes: update your anti-virus, change your passwords and don't use the same password on every account.
OK, let's dispense with anti-virus. Last month The Register, one of our favourite IT reads, reported that Symantec's own Senior Vice President for IT Security, Brian Dye, told the Wall Street Journal that anti-virus was "dead". Many of these Trojans can bypass anti-virus tools, so that is a no-go.
The next option: change your password. Great, but if your machine is already compromised (and worse, you are not aware of it), your new password will become known to whoever is collecting your data anyway. The same applies to using different passwords for different sites; it is of no use if your computer has already been compromised.
The answer, or at least a partial answer, is that you can run tools to scan your computer for Trojans such as Zeus and other nasties. Our particular favourite is Hitman Pro, which can be downloaded from http://www.surfright.nl; download it only from this site. This will tell you if you are already infected and will allow you to fix the issues. Tools such as these are 99% successful; the odd traces of Trojans, rootkits and other such nasties simply won't go, in which case you have to either create a new user profile or rebuild your PC (backing up your important files first - but you already do that anyway, don't you?).
The other and most important bit is to change your passwords on a clean machine! If you have another computer, tablet or mobile that you know is free of Trojans and other nasties, or you have rebuilt your computer, change the passwords on this device.
Prevention is better than cure!
A simple idiom and simply true! The primary sources of these attacks are email attachments, links in emails, links sent through social media and so on. These are the easiest ways to infiltrate even the most secure IT systems.
The creators of such emails are getting deceptive and clever. The goal is to instil a sense of panic in the reader and force them to react irrationally and click a link or open an attachment without considering their actions.
Consider the following examples we have seen:
- Your O2 bill is £390, we will take this money from your account, click here to check your account
- This is your bank, we have authorised a user at your request to access your credit card account, please click here if you want to see this request
- A company complaint was submitted to Companies House, click here to view the details
- You have been summoned to appear in court, please find the relevant documents here
- You may have cancer, we have attached information about the tests and what to do next
All of these are designed to make you react irrationally through panic, fear or distress. You instantly open the attachment or click the link, and just like that you have invited the attacker into your machine, like opening the door to a thief!
Don't click the link, don't open the attachment, BE RATIONAL!
No court would email you! How the hell does the NHS know you have cancer without you ever having had a blood test? What is a company complaint? Your bank wouldn't give anyone access without you explicitly authorising it, and there is no precedent for doing so. Also, why would anyone send a zip attachment anyway?
Read the message again and you will spot grammatical and spelling errors; on second read you will be more suspicious! So be suspicious the first time, even if the email comes from someone you know, as their account may have been hacked.
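The cues called out above (a link to click, a zip attachment, pressure wording) can also be checked mechanically before a message reaches a reader. The following is an added example, not part of the original article: a Python triage function run over a constructed message, where the sample email, its domains and the `triage` name are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample (not a real email); every name and domain is made up.
SAMPLE = """\
From: "O2 Billing" <billing@o2-accounts.example>
Subject: Your O2 bill is 390 pounds
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>We will take this money from your account,
<a href="http://pay.billing-check.example/login">click here</a> to check.</p>
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="bill.zip"

(placeholder body, no real archive)
--b1--
"""
# Pressure phrases taken from the example lures listed in the article.
PRESSURE = re.compile(r"click here|take this money|summoned|complaint", re.I)
HREF = re.compile(r"href=[\"']([^\"']+)", re.I)

def triage(raw):
    """Return the phishing cues found in one raw message (heuristics only)."""
    msg = message_from_string(raw)
    # Domain part of the From address, e.g. "o2-accounts.example".
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    text, findings = [msg.get("Subject", "")], []
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(".zip"):
            findings.append("zip attachment: " + name)
        if part.get_content_type() == "text/html":
            html = part.get_payload(decode=True).decode("utf-8", "replace")
            text.append(html)
            for href in HREF.findall(html):
                host = (urlparse(href).hostname or "").lower()
                # Flag links that lead somewhere other than the claimed sender.
                if host != sender and not host.endswith("." + sender):
                    findings.append("link host differs from sender: " + host)
    if PRESSURE.search(" ".join(text)):
        findings.append("pressure wording")
    return findings
```

A match is a reason to look twice, not a verdict: legitimate mail often links to third-party hosts, and a matching sender domain proves nothing if the sender's account has been hacked.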
In general we have a heightened sense of awareness of threats in the world; it's in our nature. But when it comes to technology, this awareness seems to evaporate in many people and rationality is lost.
Prevention is better than cure. Be rational and sensible when using the web, emails and social media, and you could do a better job of protecting your computer than anti-virus software!
Footnote: For those who still think this is only a problem for Windows users, there are active exploits for Apple Macs, notwithstanding the catastrophic fail by Apple which compromised the integrity of SSL on all their devices. There are also several active threats to Android mobiles, one of which attempts to encrypt the data on the handset and hold the user to ransom.