Members
  • Total Members: 14176
  • Latest: toxxxa
Stats
  • Total Posts: 42863
  • Total Topics: 16072
  • Online Today: 1418
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)









Author Topic: Find out, is it your PC infected with Gameover Zeus - Online Banking Trojan ?!  (Read 3571 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7528
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum


Users can test by simply visiting a Web page if their computers have been infected with Gameover Zeus, a sophisticated online banking Trojan that law enforcement officers temporarily disrupted last week.

The one-click test was developed by security researchers from antivirus vendor F-Secure and takes advantage of the malware’s aggressive URL matching algorithm: http://www.f-secure.com/gameoverzeus

Gameover Zeus monitors and injects rogue code into Web browsing sessions when users access banking and other popular websites from infected computers. The targeted sites are determined by regular-expression-based rules listed in the malware’s configuration file.

For example, to steal log-in credentials for Amazon.com or other Amazon websites the malware monitors if any URLs accessed in the browser match the following regular expression: http.*?://.*?amazon..*?/.*?. However, this regular expression matches not just Amazon sites, but any URL that has “amazon” in it, including https://www.f-secure.com/amazon.com/index.html.

“We can use this to ‘trick’ Gameover bots and make an easy check to see if an infection is present in your browser!” said Antti Tikkanen, director of security response at F-Secure, in a blog post Monday: http://www.f-secure.com/weblog/archives/00002712.html

Tricking an infected PC to "bite"

Visiting the test page set up by F-Secure from a Gameover-infected computer will force the malware to inject its malicious code into it. The page then performs a check on itself to detect if Gameover-specific code was added.

“We search for the string ‘LoadInjectScript’,” Tikkanen said. “If the string is found on the page, we know Gameover Zeus has infected your browser!”

The test is not perfect though, because the malware doesn’t support native 64-bit browsers, so visiting the F-Secure page from such a browser will not detect the infection. Users are therefore advised to perform the test using a 32-bit version of Internet Explorer, Google Chrome or Mozilla Firefox.

F-Secure also provides a free online scanner that is capable of detecting and removing the threat.

Law enforcement agencies from multiple countries worked with security vendors to disrupt the Gameover Zeus botnet at the beginning of June.

According to the FBI, the malware infected over 1 million computers and was used to steal millions of dollars from businesses and Internet users worldwide: http://www.fbi.gov/news/stories/2014/june/gameover-zeus-botnet-disrupted
It was also used to distribute CryptoLocker, a separate malware threat that encrypts files and asks for a ransom to restore them.

The Gameover Zeus botnet has a peer-to-peer architecture with no single point of failure, so it’s possible that its operators might attempt to regain control of it in the future. Because of this, users are advised to scan their computers and remove the malware if found as possible.

(PCW)

Samker's Computer Forum - SCforum.info


 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising