GoZeuS Returns a Month after Authorities Take Measures Against the Malware

Though authorities had taken action against the GoZeuS and CryptoLocker malware which stole hundreds of thousands of banking logins from users and blackmail them for millions of pounds, it seems that the malwares are back. A month after the campaign, online criminals seem to have tried to rebuild the sophisticated software named GameOver ZeuS, having researchers warn that new threats using much of the same code are aimed at UK users.

Reports say that the ‘original strain’ of the malware targeted by authorities around the world, including the NSA and the FBI, has been in a decline since the campaign started. However, it appears that criminals are now re-establishing the GameOver botnets by taking the original code and reworking it to avoid detection, much like a biological virus modifies its genetic code in order to survive medicine administered against it.

A security company by the name of Malcovery has stated that the new trojan based on the GameOver Zeus binary is spreading through spam emails, claiming to be from the NatWest bank, coming with an attached statement in the content. Anyone who opens the ‘statement’ are said to risk infection, since traditional anti-virus software cannot detect the malicious software. Also, the CEO of Heimdal Security, Morten Kjærsgaard, states that the heads of the original GoZeuS will try to use lesser-known strains in order to avoid law enforcement agencies detecting it.

“Until we start to see a more clear movement pattern of these new Zeus variants, which are starting to surface, we can’t say anything definitive about their extent,” said Kjærsgaard. “There is no doubt though, that many small malware variants could pose the same financial problem for end users as one big nasty piece of malware.” he added.

While the GameOver Zeus botnet earned more than $100 million for its creators, more infections are likely to take place given the new strains. In June however, US authorities are said to have named Evgeniy Bogachev, a Russian national, as the main suspect behind the original malware.

Thank you The Guardian for providing us with this information
Image courtesy of The Guardian

Comodo Internet Security 7.0 Launces in the UK, Backed by a £300 Virus-Free Guarantee

Comodo is a company offering leading solutions in terms of PC/Mac antivirus and malware software, SSL digital certifications, as well as android antivirus and malware solutions. It’s latest product is the all-in-one protection software, Comodo Internet Security Pro 7, which has been recently made available to the UK market.

The all-in-one software is said to be a unique and patented prevention tool for unknown viruses, as well as a detection tool for known ones. It works by inspecting each file attempting to run on a computer and instantly compares the file to its White List and Black List database. In the case of a file not being present in either list, the software restricts its access using Auto Sandbox Technology, keeping the computer clean and virus-free.

The company has also made a few changes to its latest Comodo Internet Security Pro 7 software, including a user interface update that allows tasks to be performed quicker while delivering more information on the current computer status. In addition to the interface update, Comodo claims that it has shortened the Sandbox function’s average process time per file by up to 700%, while adding the ability to reverse potentially undesirable actions of software without necessarily blocking the software entirely.

Also, Comodo has added an advanced Website Filtering feature, allowing website access rules to be created for particular users of a computer and logging each activity when a user tries to visit a website which is in conflict with a rule. Another interesting new feature added is the Protected Data Folder, which keeps each and every file placed inside a ‘Protected Data Folder’ from being read, accessed and modified by applications running in Sandbox mode. The last but not least addition is PrivDog, a software specially designed to suppress any malicious advertisement, while being able to run alongside all major browsers on the market.

What makes Comodo’s Internet Security Pro 7.0 one of the best antivirus and malicious software prevention is the company’s confidence in suppressing each and every virus and malware roaming the internet, including GOZeuS and CryptoLocker, as the company stated. This is why the company offers a $500 (£298.54) money back guarantee, should a user’s computer become infected while using the Comodo Internet Security Pro 7.0.

The Comodo Internet Security Pro 7.0 comes with a yearly subscription of just £30 which covers three machines and includes GeekBuddy online support. Comodo’s Internet Security Complete 7 is also available at a £68 yearly subscription, including all of the Pro’s features, plus TrustConnect Wi-Fi/Hotspot encryption and 50 GB of Online Storage. A trial for the software can be downloaded over at Comodo’s website.

Traditional Antivirus Software “Simply Don’t Work” According to Security Specialists

While the National Crime Agency did warn people about the upcoming GOZeuS and CryptoLocker malware, information given by security specialists point to the fact that traditional antivirus software is not enough even for a simple malware prevention, yet alone the more advanced malware types.

Comodo Group‘s CEO, Melih Abdulhayoglu, points out that most traditional antivirus software on the market “simply don’t work” and detects threats such as viruses and malware only when they have already infected the system, rendering them obsolete.

“For years the antivirus industry has been promoting a flawed product to the mass market as a protection product – a huge con. As a result, there are millions of business and home users who think that they are safe online, just by running an antivirus product – this is madness! Traditional antivirus products do not and can not protect you from new malware like Cryptolocker that they can’t detect.”

Melih emphasises that the only method of keeping a system clean is through containment technology. The technology puts unknown traffic coming from the internet into a sandbox environment for further analysis, meaning that the data cannot react or spread within the system until it has been identified as ‘safe’. This way, Melih states that the malware is detected and denied access before it can even get near the system at hand.

Businesses however are more susceptible to viruses and malware than homes. This is said to be due to the fact that hackers are writing specific malware which target a single individual system inside the company, from which it will inevitably grant access to the entire company’s network.

“For businesses, the problem is Advanced Persistent Threats (APT). Criminals are writing specific tailored malware aimed at one person in a company and then stealing data via that person. It’s designed to be undetectable, or viewed as too small a problem to solve. Think of it like this: the pharmaceutical industry wouldn’t bother to spend billions on curing a disease that infects just one person, so these bad guys are hoping that the security industry doesn’t put resources into solving a problem targeted at just one individual.”

However, this does not mean everyone is doomed to have their systems infected. Egemen Tas, VP of Engineering at Comodo, emphasises that a combination of a strong and trusted† antivirus software along with basic execution control (such as the annoying popup in Windows, which everyone tends to deactivate, appearing every time an ‘unknown’ or application requiring elevated privileges wants to launch) is enough to keep your system clean.

“In order to stay protected from GOZeuS and CryptoLocker, users should follow cyber-hygiene best practices,” said Egemen Tas, VP of Engineering at Comodo. “It’s not as complicated as you may think. You should use a certified and proven antivirus product, always installing the latest version and applying updates. Additionally, you should go beyond traditional security prevention by utilizing a HIPS (host-based intrusion prevention system) product, and applying some basic application execution control to prevent these types of malware from taking over your system.”

Also, since there are cases where malware can infect a system through the e-mail service, Egemen states that a good prevention practice is “not opening attachments from unsolicited emails”, meaning that if an unexpected email from an unknown person or even a friend arrives in your inbox containing a strange attachment, it is better to delete it rather than risk opening it.

UK’s National Crime Agency Gives Two-Weeks Notice Regarding GoZeuS and CryptoLocker

The UK National Crime Agency warns the public to take advantage of a two-week notice in order to protect themselves from two major malware roaming the internet, the GoZeuS and CryptoLocker, which are responsible for transferring cash from online accounts and holding personal data for ransom.

The NCA stated that the alert is the most largest industry and law enforcement collaborations to this date and that the FBI’s involvement in several countries has weakened the global network of infected computers, meaning that the notice and prevention ahead of the malware activity can help diminish the infection chance.

GoZeuS, also known as P2PZeuS or Gameover ZeuS, and CryptoLocker are said to target all versions of Windows operating systems, including the ones running in virtual environment, servers or embedded versions. The agency also states that the malware is responsible for transferring hundreds of millions of pounds around the world.

In the case where GoZeuS cannot transfer significant amounts of money from a personal computer, it is said that CryptoLocker is called as a back-up plan, locking the user’s personal data and holding it for ransom, currently price at 1 Bitcoin. The recent estimate of infected systems is said to be at 15,500 PCs in the UK alone.

The infection is said to occur by clicking fake links or attachments in e-mail sent by people in the contact book who have already been infected by the malware. The NCA recommends users to always keep their software up to date and check their computers for infection using antivirus software.

Thank you TheNextWeb for providing us with this information
Image courtesy of TheNextWeb