Gameover virus Q&A

What is it and where did it come from?

Warnings about viruses and other malware are a common occurrence these days, but you may have seen some talk about GameOver Zeus in the past couple of days. That’s because the FBI has managed to disrupt the network of computers that were taken over by the virus, and announced details of an arrest in the case.

What is it?

Gameover Zeus, also known as GOZeus or P2PZeus, is a virus that steals financial information from your computer. Well, not just financial information: it can also view your files, poke about your bank accounts or even hijack your webcam to spy on you. Your computer is basically at the mercy of It creates an army of infected computers, known as a botnet, that can be controlled remotely without the owner’s knowledge. The FBI believes it is responsible for the theft of millions of dollars from people in the US and further afield - about $100 million at a rough estimate.

Where did it come from?

It’s a peer-to-peer variant of an older virus known as Zeus, which has been around since 2007. But this time, authorities say the instructions sent out to the infected computers can come from any machine already being controlled by the virus, which makes it a little more difficult to tackle. GameOver Zeus has been around since September 2011.

In the US, criminal charges have been filed against Russian man Evgeniy Mikhailovich Bogachev, alleging that he is the administrator of the GameOver Zeus botnet.

Who is at risk?

Anyone running Windows, from 95 up to Windows 8, can be hit by the virus. Microsoft Server 2003 to 2012 is also at risk. Machines running Apple's OS X software are not affected by the virus.

Between 500,000 and one million computers could have been infected worldwide, researchers say.

How does it get into my computer?

It’s spread through “phishing” emails, spam emails that you find in your inbox claiming to be from a reputable source - banks, government agencies such as the Revenue Commissioners, for example - that usually direct you to a site to either confirm your credentials or log in to claim a refund of some sort. In Gameover Zeus’s case, there is an attachment with the email that directs your computer to download a file from a server that will infect your machine. If you open that file, it’s pretty much game over.

The same emails could also come from what appears to be a friend; thanks to stolen or hacked email lists, your friend or colleague’s email address could be made to appear to be sending infected emails.

What should I do?

Prevention is better than cure. If you get an email claiming to be from your bank that has an attachment, don’t open the file. Likewise if you have any suspicions about an attachment in an email claiming to be from a friend. If in doubt, don’t open it.

If you suspect your computer has been compromised - and even if you don’t - the best thing you can do is scan your system for malware. Should the worst happen and the scan throws up some malware, there are free tools available online to remove it. Try F-Secure’s online scanner (http://www.f-secure.com/en/web/home_global/online-scanner), Sophos’s Virus Removal tool for XP and above (http://www.sophos.com/en-us/products/free-tools/virus-removal-tool.aspx) or Kaspersky’s malware removal tool (http://support.kaspersky.com/viruses/utility#kasperskyvirusremovaltool).

In the future, keep your antivirus software up to date. And if you don’t have any, install some quickly.

Updating your operating system is also a good move - unless, of course, you have software older than Windows XP. Microsoft recently stopped offering support for XP, which means holes and vulnerabilities will now go unpatched, although third party antivirus software providers will support it for the time being. It might be time to start looking at an upgrade for your computer though.

Anything else I should know?

There's a second bit of malware doing the rounds at the moment - Cryptolocker. This is a particularly nasty piece of ransomware that will lock down your computer, keeping you out of your email and files, and demand money to unlock it. There are no guarantees that paying over the requested amount will actually unlock your computer. It gets into your computer the same way as Gameover Zeus; according to the UK's National Crime Agency, if Gameover Zeus doesn't find enough information on your computer to make it worth its while, Cryptolocker takes over and shuts down your computer until you pay up. And if Cryptolocker gets in and encrypts your system, it's too late.

More than a quarter of a million people worldwide have been affected by Cryptolocker, with 121,000 in the US. That has netted about $30 million in ransom payments between September, when Cryptolocker first emerged, and the end of December.