New Virus – warning from Mike Adams, Prime Focus Forensics in Hutto

11 Jan

The F.B.I. released a warning about the return of the infamous “Zeus” virus in a new format known as “Game Over”. This is a virus specifically designed to steal your financial data first, and then steal your money. That is what it does and it is very good at doing it. Zeus was first seen a few years ago, it was tamed, but now it is back and it is dangerous. Here is some information from the Ziff – Davis Network which is one of our security alert partners:

A new variant of the notorious Zeus identity-theft Trojan is making the rounds and the Federal Bureau of Investigations (FBI) says it is capable of defeating common methods of user authentication employed by financial institutions.The latest strain of the ID-theft malware, called Gameover, begins as a phishing scheme with spam e-mails — purportedly from the National Automated Clearing House Association (NACHA), the Federal Reserve Bank, or the Federal Deposit Insurance Corporation (FDIC) — that leads to malware infection and eventual access to the victim’s bank account.

From the FBI warning:

“The malware is appropriately called “Gameover” because once it’s on your computer, it can steal usernames and passwords and defeat common methods of user authentication employed by financial institutions. And once the crooks get into your bank account, it’s definitely “game over.”

Gameover is a newer variant of the Zeus malware, which was created several years ago and specifically targeted banking information.”

The FBI said the phishing lures typically includes a link in the e-mail that goes to a phony website.  ”Once you’re there, you inadvertently download the Gameover malware, which promptly infects your computer and steals your banking information,” it warned.

The FBI said recent investigations have shown that some of the funds stolen from bank accounts go towards the purchase of precious stones and expensive watches from high-end jewelry stores.

The criminals contact these jewelry stores, tell them what they’d like to buy, and promise they will wire the money the next day. So the next day, a person involved in the money laundering aspect of the crime—called a “money mule”—comes into the store to pick up the merchandise. After verifying that the money is in the store’s account, the jewelry is turned over to the mule who then gives the items to the organizers of the scheme or converts them for cash and uses money transfer services to launder the funds.


2 Responses to “New Virus – warning from Mike Adams, Prime Focus Forensics in Hutto”

  1. Kurt Johnson 11/01/2012 at 4:49 pm #

    So, what’s the suggested remedy?

  2. CM Mike Adams 12/01/2012 at 6:14 am #

    Hey Kurt!

    The solution is to never, never, never click on a link in an email. Realistically, I can’t do that 100% of the time either.

    If any one, including someone you know, sends you an email with just a link in it, or with a link and some irrational wording included, never click on the link. I must get 20 emails a day like that, usually people sending jokes or You Tube stuff, and I trash every one of them. Yes, I know I have missed some good atuff but hey, I rarely pick up an infection too.

    The reason that emails with links are so dangerous is at least twofold. First, the bug has to find a host system in order to be effective. Today’s Anti Virus and Internet Security programs (we recommend AVG Internet Security 2012 & Kaspersky Internet Security 2012) and firewalls are good enough to keep the bugs at bay. That forces the bug to find a way around your defenses. A bug can sneak a ride on an email link, so, when you click the link, you are actually opening the doors and letting the bug out to roam free within your network.

    Second, once the bug is loose within your system, it can actually replicate and migrate itself. All without any help from you. The bug will crawl into your email address book and once there will send out an email to every valid email address in your book. Guess who is tagging along on that email? Right! The bug will insert itself in the form of a link for everyone to click on. It might look like this:


    Please click on this link:

    When you click on that link,the process starts all over again but this time your machine is the host. That is how it self propagates. Not too unlike being passed around by human touch.

    Imagine one bug replicating itself every few minutes on a logarithmic basis. Some one should do the math! 2 – 4 – 8 – 16 – 32 -64 – 128 – 256 – 512 – 1024 – 2048…

    The best thing that everyone could do if they send links to others is to note in your email that “I sent this link to you and it is concerns (insert subject here). I scanned it before I sent it to you.”

    Ultimately the best advice is to use your common sense.

    Thank you!


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: