A new computer virus is threatening computers worldwide, with the aim of stealing bank details and emptying the accounts of its victims.

The National Crime Agency in the UK and the FBI have warned against “highly sophisticated” malicious software, one strain of which has already resulted in £60 million disappearing from victims’ bank accounts.

More than 15,000 machines in the United Kingdom are believed to have been infected with the new virus, called “GameOver Zeus” (also known as GOZeus and P2PZeus), which has been engineered by a criminal gang based in Ukraine and Russia. Once installed, the virus searches for files that will allow it to gain access to financial information and online bank accounts.

The GameOver Zeus virus spreads itself through unsolicited emails which may appear to come from legitimate organisations such as Companies House, UPS, DHL, British Airways, RBS and others. The emails will contain links or attachments, purporting to be innocuous files such as invoices, voicemail messages, or parcel tracking details. Once a computer is infected, it becomes part of the criminal gang’s “botnet” of infected computers, which spreads the virus further and transfers banking information back to the criminals.

Links to CryptoLocker

The virus could also result in infection from another aggressive form of malware known as the CryptoLocker virus, which has been documented previously in this blog.

CryptoLocker is a form of malware known as “ransomware” as it holds your computer and personal files to ransom. If infected, your computer will become unusable – and will only display the “your personal files have been encrypted” message, and provide you with details on how to pay to unlock them. According to the FBI, CryptoLocker has already been responsible for £16 million of extorted payments.

The GameOver Zeus virus first searches for files containing financial or online bank account details. If it finds these, it will transfer them back to the criminals via the “botnet”. The malware may also hide in the background whilst you use your computer, and monitor your activity, waiting to capture online passwords and banking login details. If it doesn’t find anything, it installs CryptoLocker to give the criminals another chance to recoup money from their victims.

Protect yourself and your business

The FBI and NCA have issued a warning to the public, saying that computer users have approximately two weeks to protect themselves. This is because a coordinated attack by authorities has enabled them to take temporary control of servers used to control the highly sophisticated malicious software. This activity, led by the FBI, has given computer users a unique two-week window during which any action to strengthen online security can be particularly effective.

Members of the public can protect themselves by ensuring that they have security software installed and up to date, and run regular scans. Operating systems and applications should also be kept up to date, as viruses can also exploit unpatched flaws in these in order to gain “backdoor” entry into your machine.

You can also take measures to ensure that the impact is minimised if you become infected by CryptoLocker. By regularly backing up your files, you will at least have the option to restore from your most recent backup if you do become infected. Businesses can have all of their data backed up hourly if they utilise a backup and disaster recovery solution from an IT Support provider.

An excellent option for businesses is to use a managed antivirus solution, provided by an expert IT Support partner. Managed Antivirus means that you will pay a fixed monthly amount, and in return all of your PCs will be protected by the most advanced antivirus software. No input on your part will be required, as your IT Support provider will install and maintain the software, ensure it is always up to date, and carry out regular scans in the background, without disrupting your work.

Educate yourself and your staff

You can also take preventative measures against infection from GOZeus and CryptoLocker by ensuring you and your employees are fully educated and aware of the risks, and know how to spot the signs of a malicious email.

  • Be wary of all unsolicited emails.
  • Do not click on links or download attachments in emails if you are not 100% sure they are legitimate.
  • Be suspicious of emails from well-known organisations such as banks, shipping and logistics companies, Companies House and airlines.
  • Be particularly wary of .zip files and Dropbox links in emails.
  • You should even be wary of emails from known contacts such as friends and family. If they have been infected, the virus can hijack their email account and use it to send out mass emails to their contact lists.