An international law enforcement project to disrupt the Gameover botnet is underway.
Gameover, aka Gameover Zeus or GOZ, is currently installed on up to a million computers worldwide. The botnet is rented out for malicious purposes, including harvesting private information, sending spam email, denial of service (DoS) attacks, extortion, and distribution of various kinds of malware, including the awful CryptoLocker [1,2] ransomware.
This effort to disrupt GOZ has already been very successful: the botnet’s owners are no longer able to control infected clients. As for CryptoLocker, newly-infected machines can no longer communicate with their controlling servers, which means they are safe, at least for now. Machines whose files were already encrypted before the takedown are not affected: their owners must still pay the decryption ransom or lose all of the encrypted information.
Brian Krebs provides additional details on his Krebs on Security blog.
Update 2014Jun09: Brian Krebs has a behind-the-scenes look at what went into this takeover. To this point, the takeover seems to have been 100% effective, but the botnet developers may have more moves left.
This month’s Ouch! newsletter (warning: PDF) from SANS provides a basic overview of malware: what it is, where it comes from, who creates it, and how it infects your computer. A good read for anyone who has wondered what malware is and why it’s a problem.
A new variant of the nasty malware known as Cryptolocker is appearing on the Internet. Cryptolocker – once it infects your computer – encrypts all your files and then demands money to decrypt them. If you fail to pay within a specified time period, your files become permanently inaccessible.
The new version of Cryptolocker can apparently spread itself via portable media such as thumb drives. It is also often disguised as a software activation program for Photoshop and Microsoft Office on file sharing sites. The original Cryptolocker typically arrived in the form of a fake PDF file.
Disguising Cryptolocker as a software activation program is a particularly devious way to spread the malware. Every day, thousands of people who can’t afford the massively overpriced Office and Photoshop look for alternative ways to use that software, and now those people are going to be risking more than the ire of Microsoft and Adobe.
SANS reports on a holiday-themed scam email showing up in inboxes recently. This one purports to be from a major retailer such as Costco or Walmart, and tries to trick the recipient into clicking a link related to a phony undelivered package.
If you receive such an email, just delete it. If you think the message may be legitimate, don’t click the link; contact the retailer by telephone or go to their official web site and contact them using information provided there.
Two posts on the SANS ISC blog dig into the technical details of this scam.
Adobe recently issued a warning about a new scam email making the rounds. This one appears to contain license information for Adobe products, but is not legitimate and may contain malicious attachments and/or links to malicious web sites. Recently-compromised Adobe systems may have provided recipient addresses for this email.
Christmas is coming, and along with it, holiday-themed scams, spam and malware. It’s a time for families to come together and celebrate, but it’s also a time to be wary and vigilant.
CERT has provided a handy set of guidelines and tools you can use to avoid being the recipient of one of these unwanted ‘gifts’.
Canada is late to the game when it comes to anti-spam laws, but with the recent passing of the “Canadian Anti-Spam Legislation” (CASL), it’s about to get a lot harder for spammers to do their work here (yes, I’m in Canada).
As with other anti-spam laws, the focus of CASL is consent. The following activities will become illegal with the new law: sending a commercial electronic message to a recipient without the recipient’s consent; installing software on a recipient’s computing device without their consent; and altering electronic messages during transmission without the recipient’s consent.
Other activities that will become illegal with the new law include: collection of personal information through access to computing devices; and harvesting electronic addresses from the Internet through automated methods for the purposes of building bulk email recipient lists.
There is no set timeline for enforcement of CASL to begin, but it should be within a few months, and certainly by the end of 2013. Once the law becomes official (comes into force), immediate compliance is expected. However, there will be a three year transitional period during which consent may be assumed for existing relationships.
Several different agencies will be involved in enforcement of the new law: the CRTC, the Competition Bureau, and the Office of the Privacy Commissioner.
- Any commercial electronic message is assumed to be illegal, although there are exceptions.
- Potential recipients of commercial electronic messages cannot be added to recipient lists automatically. Explicit consent to receive such messages must be given by the potential recipient. In other words, commercial email list subscription must be “opt-in” instead of “opt-out”.
- Software must not be installed automatically on customer computers. This part of the law is meant to curtail the forced installation of unwanted software along with other (wanted) software.
The new law will present serious challenges to commercial organizations, so it would be wise for all such organizations to begin assessing its impact immediately. Penalties will typically take the form of very steep fines: up to ten million dollars.
An official FAQ for the new law is available.