What is Gameover Zeus and How Do I Protect Myself?

IBTimes UK

Law enforcement agencies in 11 countries - including Europol, the FBI and the UK's National Cyber Crime Unit - have disrupted the operation of a cybercrime gang which is responsible for the theft of hundreds of millions of pounds globally using the Gameover Zeus malware network.

In the wake of Operation Tovar, the National Crime Agency in the UK issued a stark warning to update computers within the next two weeks or potentially face a "powerful computer attack" when - as is expected - Gameover comes back online.

But what is Gameover, is it as dangerous as the NCA would have you believe, and if so, how can I protect my computer?

Here, we try to answer these questions:

What is Gameover Zeus?

Gameover Zeus is a sophisticated piece of malware (malicious software) which can take over your PC without your knowledge, giving those in control of it access to everything you do, as well as giving them the ability to record your keystrokes, video what you do on screen and even turn on your webcam.

What do the criminals controlling Gameover use it for?

Gameover is used by the criminal gang operating it to seek out and identify financial information stored on your computer as well as capturing any credentials you enter into online banking or shopping sites. Once they have this information, they use it to re-direct bank transfers into their own accounts.

To date, law enforcement agency estimates for how much this piece of malware has stolen range from €75 million (Europol) to $100m (FBI) into the hundreds of millions of pounds (UK's National Crime Agency).

What about CryptoLocker?

[Image: CryptoLocker ransomware Bitcoin payment page]

If the Gameover Zeus malware doesn't find any financial information on your PC, then the criminals have designed it so that it will install the pernicious ransomware known as CryptoLocker, which encrypts your computer's hard drive, locking access to everything you have stored on it, and demanding you pay a ransom in order to get it unlocked.

CryptoLocker had infected more than 230,000 PCs globally by April 2014, having first emerged in September 2013.

In its first two months of operation, the FBI estimates that $27m (£16.1m) in ransom was paid.

How does Gameover spread?

Gameover is spread in the same way many pieces of malware are these days - via phishing emails.

The emails look like they come from trusted brands - which in the UK included Companies House and HMRC.

The emails can contain attachments storing the malware, or a link to a malicious website which searches the victim's system for vulnerabilities before installing the malware.

Does it affect Apple's Mac computers?

No, Gameover Zeus only impacts computers using Microsoft's Windows operating system.

How many people are affected?

Like the amount of money claimed to have been stolen using Gameover, the number of infected machines varies widely among security experts. The consensus is that somewhere between 500,000 and one million PCs around the globe are infected.

In the UK, the National Crime Agency has said it believes 15,000 PCs are affected.

Who is behind Gameover?

The FBI has issued an arrest warrant for Evgeniy Mikhailovich Bogachev, a 30-year-old Russian who is believed to be the author of the original Zeus malware which emerged in 2007.

Bogachev is thought to have been operating Gameover with a core group of hackers based in Russia and the Ukraine since 2011.

How do I know if my PC is infected with Gameover?

The creator of Gameover designed it in such a way that those impacted are unlikely to know their PC is infected.

However, security firm Trend Micro has set up tools to help you check if your system is infected here (32-bit) and here (64-bit) which you can download to scan your PC.

Why do I only have two weeks?

The National Crime Agency warned people that they have two weeks to check their computers and protect themselves against Gameover.

[Graph: Operation Tovar Disrupts Gameover Zeus. The impact of Operation Tovar is clearly seen in this graph from the Polish CERT showing the rates of activity of Gameover Zeus.]

The reason for the two-week deadline is that this is the amount of time the NCA believes it will take the criminal gang behind Gameover to get back up and running.

The problem with this deadline is that it may be much sooner than two weeks. If the gang has a fallback plan in place, it could have Gameover operating again within days.

How can I protect myself?

There are a number of steps you can take to protect yourself against Gameover Zeus and other similar malware.

  • Update - First and foremost, make sure that your Windows software is up to date and that you have installed any patches which Microsoft has issued for whatever version of Windows you are running.
  • Install antivirus software - while a lot of people will tell you that antivirus software is pointless these days, it is still a good first line of defence against a lot of the threats out there. There are also good free antivirus tools available including AVG and Microsoft Security Essentials meaning it won't cost you a penny.
  • Block attachments - One of the most effective ways to stop Gameover infecting your system is to block email attachments which contain executable files (.exe) or ZIP files with executable files like SCR and EXE.
  • Spread the message - Trend Micro says that telling more and more people about the risks will help take advantage of the opportunity which this disruption has afforded people.
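
The "Block attachments" step above, sketched as an added example (not code from the article or from any vendor it names): a Python check that flags EXE and SCR attachments, whether attached directly or packed inside a ZIP. The function names, sample addresses and file names are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the article (EXE, SCR); a real policy would list more.
BLOCKED_EXTENSIONS = (".exe", ".scr")

def is_blocked_name(name):
    """True if a file name ends in a blocked executable extension."""
    # Windows ignores trailing dots and spaces, so strip them before matching.
    return name.rstrip(". ").lower().endswith(BLOCKED_EXTENSIONS)

def blocked_attachments(raw_message):
    """Return (attachment name, offending file name) pairs for one raw email."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if is_blocked_name(name):
            findings.append((name, name))
        # Detect ZIPs by content, not extension, so renamed archives are inspected.
        if zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                findings += [(name, m) for m in archive.namelist() if is_blocked_name(m)]
    return findings

def sample_zip(member_name):
    """Constructed ZIP holding one harmless placeholder file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(member_name, b"placeholder bytes")
    return buf.getvalue()

def sample_email(filename, payload):
    """Constructed message with one attachment; addresses are placeholders."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "notices@example.com", "user@example.org"
    msg["Subject"] = "Your tax refund"
    msg.set_content("Please see the attached document.")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    print(blocked_attachments(sample_email("refund.zip", sample_zip("form.pdf.scr"))))
```

Archives nested inside other archives are not unpacked here; a production mail filter would recurse with a depth and size limit.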