• Home
  • About 404TS
  • Contact

404 Tech Support

Where IT Help is Found

  • Articles
    • Code
    • Entertainment
    • Going Green
    • Hardware, Gadgets, and Products
    • Management
    • Network
    • News
    • Operating Systems
    • Security and Privacy
    • Software
    • System Administration
    • Talking Points
    • Tech Solutions
    • Web
    • Webmaster
  • Reviews
  • Media
    • Infographics
    • Videos
  • Tech Events
  • Tools
    • How do I find my IP address?
    • Browser and plugin tests
  • Get a Technical Consultation
You are here: Home / Articles / News / McAfee writes about Operation Tovar, taking a swipe at CryptoLocker and Gameover Zeus

McAfee writes about Operation Tovar, taking a swipe at CryptoLocker and Gameover Zeus

2014-05-31 by Jason

We previously wrote about CryptoLocker, the trojan that encrypts your files and then holds the decryption key ransom, over six months ago. It and many variants have continued to harass and charge individuals and organizations. For those victims, McAfee made an exciting announcement yesterday. Law enforcement and the private sector, including McAfee, cooperated to dismantle the Gameover Zeus and CryptoLocker infrastructure, albeit temporarily. McAfee also provided a removal tool called Stinger to delete the malware from your computer.

The announcement with an urgent tone has been removed from McAfee’s blog. (Update: The original article has been published again on the McAfee blog. Microsoft also wrote about their efforts in cleaning up GameOver Zeus. The FBI now has their article up too.) Not before being captured by Google cache and I copied the full article from my RSS feed reader below:

—

Under Operation Tovar, global law enforcement—in conjunction with the private sector and McAfee—has launched an action to dismantle the Gameover Zeus and CryptoLocker infrastructure. Disrupting the criminal infrastructure by taking control of the domains that form part of the communications network provides a rare window for owners of infected systems to remove the malware and take back control of their digital lives.

If you, or anybody you know, receive a notification from your Internet service provider, then please do not ignore it. Use the removal tool to delete the malware from your system, and ensure you have appropriate protection to prevent future infections.

The removal tool is available at the following URL:

http://www.mcafee.com/stinger

We anticipate the criminal infrastructure of both Gameover Zeus and CryptoLocker will re-establish operations as quickly as they can. Thus you need to take action quickly.

What do Gameover Zeus and CryptoLocker do?

The two are in fact very different. Once Gameover Zeus finds its way onto a victim’s computer, it attempts to steal information from the victim. It has been used successfully by cybercriminals in all manner of attacks. From the theft of online banking credentials, credit card numbers, and even the login credentials for online job boards, the trail of destruction behind Gameover Zeus has netted criminals millions of dollars. For example, in August 2012 alone one estimate suggests that more than 600,000 systems were infected, many of these in Fortune 500 firms.

Gameover Zeus is based on the original Zeus, but works differently in that it decentralizes the control system and creates a peer-based network. The malware injects itself into legitimate Windows processes to maintain persistence, and also hooks system and browser functions to inject “fake” content into a user’s browser to conceal fraudulent activity.

This method is highly effective when the criminal wants to wire out large sums of money from a business account, but needs to conceal the activity for as long as possible until the funds are gone and have posted to the criminal’s account. Variants of Gameover Zeus operate in a peer-to-peer manner, getting their updates and configurations from available hosts on the peer network—making it much more difficult to disrupt. Gameover Zeus also has a function to dynamically update the configuration file that contains the payload usually designed to steal funds from a user’s bank account.

The functionality of Gameover Zeus ranges from simple credential stealing to advanced methods that involve hijacking a victim’s bank account in real time, enabling the criminal to wire out large amounts undetected.

Victims are typically infected via spear phishing campaigns that use various browser- and web-based exploits to deliver the malware onto the target system. The actors behind Gameover Zeus are interested in financial gain; thus they target consumers and businesses with this malware.

CryptoLocker, on the other hand, is not as sneaky, and warns users that unless they hand over a sum of money the malware will encrypt the data on the system. Such ransomware provides only a short window for the user to transfer the funds to the criminals, and failure to do so will result in the files being encrypted and unusable. If your system has files that are encrypted, the Stinger removal tool will not be able to retrieve them.

CryptoLocker encrypts the files on the system and generates a pop-up demanding that the victim pay a ransom to get the private key to decrypt the files. The malware uses public key cryptography algorithms to encrypt the victim’s files. Once the victim’s machine is infected, the key is generated and the private key is sent to the criminal’s server. The malware typically gives the victim 72 hours before the CryptoLocker server is supposed to destroy the private key, making the files unrecoverable and unusable. Victims are also infected via phishing emails and botnets.

Combining global law enforcement, including the National Crime Agency (United Kingdom), the FBI, and Europol, as well as partners in the private sector, this operation will provide a unique opportunity for those who are infected to remove the infections. Victims of these malware need to take advantage of this opportunity because the criminals will attempt to re-establish their communications infrastructure as quickly as they can to continue stealing your data and money.

 Thanks to our colleague Ryan Sherstobitoff for his assistance with this post.

The post It’s ‘Game Over’ for Zeus and CryptoLocker appeared first on McAfee.

Filed Under: News, Security and Privacy

Trending

  • Don’t try to fool me, product photos!
    In Hardware, Gadgets, and Products, Talking Points
  • Windows 8 Action Center: Find and install an antispyware app online (Important)
    In Security and Privacy, Software, Tech Solutions
  • Lytro’s Focus-Later Cameras Are Now Available For Pre-Order
    In Hardware, Gadgets, and Products

Latest Media Posts

Find Out Where To Download SNES ROMs

Find Out Where To Download SNES ROMs

Multifunctional Video Conversion Tools – Wondershare Video Converter

Multifunctional Video Conversion Tools – Wondershare Video Converter

  • Popular
  • Latest
  • Today Week Month All
  • How to ‘Unblock’ multiple files at a time with PowerShell How to 'Unblock' multiple files at a time with PowerShell
  • Command line to take ownership and change permissions Command line to take ownership and change permissions
  • Increase IIS Private Memory Limit to improve WSUS availability Increase IIS Private Memory Limit to improve WSUS availability
  • SOLVED: “This modification is not allowed because the selection is locked.” SOLVED: "This modification is not allowed because the selection is locked."
  • Creating and editing views in phpMyAdmin Creating and editing views in phpMyAdmin
  • customer contactless payment for drink with mobile phon at cafe counter bar,seller coffee shop accept payment by mobile.new normal lifestyle concept The Latest Innovations In Payment Technology
  • How Digital Technology Brought the Rise of the CMO   How Digital Technology Brought the Rise of the CMO  
  • How to Purchase Cryptocurrencies? How to Purchase Cryptocurrencies?
  • Top 6 necessary aspects to consider when hiring Angular developers Top 6 necessary aspects to consider when hiring Angular developers
  • Full guide on drawbacks and benefits of Node.js for making the perfect choice for your business Full guide on drawbacks and benefits of Node.js for making the perfect choice for your business
Ajax spinner

Elevator Pitch

404 Tech Support documents solutions to IT problems, shares worthwhile software and websites, and reviews hardware, consumer electronics, and technology-related books.

Subscribe to 404TS articles by email.

Recent Posts

  • The Latest Innovations In Payment Technology
  • How Digital Technology Brought the Rise of the CMO  
  • How to Purchase Cryptocurrencies?

Search

FTC Disclaimer

404TechSupport is an Amazon.com affiliate; when you click on an Amazon link from 404TS, the site gets a cut of the proceeds from whatever you buy. This site also uses Skimlinks for smart monetization of other affiliate links.
Use of this site requires displaying and viewing ads as they are presented.

Copyright © 2023 · Magazine Pro Theme on Genesis Framework · WordPress · Log in