Tuesday, September 2, 2014

Week 2 Post - GameOver Zeus Botnet

In June the FBI reported that the GameOver Zeus botnet had been disrupted and filed charges against a Russian Federation citizen as the administrator of the botnet.  A botnet infects multiple computers and uses them to perform actions at the direction of the administrator.  In the case of GameOver Zeus, the malware specifically targeted banking information and other credentials, which were then used to create electronic financial transactions and transfer funds from the computer owner's accounts to those of the criminals controlling the botnet.

Most botnets make use of a centralized command and control system, so the botnet can be disrupted by blocking traffic from that system.  GameOver Zeus instead employed a decentralized peer-to-peer command and control infrastructure, allowing any infected computer to relay instructions to the entire network of computers that are part of the botnet.  This makes taking down the botnet more difficult.

From an electronic payments perspective this type of activity threatens anyone who uses their computer to make online purchases or uses online bill pay with a bank account.  Both of these methods of making payments are increasing at a steady rate each year.  Wholesale bank transactions, where large amounts are transferred between banking institutions, are another area of concern, as most terminals into mainframe systems are PCs these days.  The dollar amount of individual transactions of this type is surely of interest to the same people who go after individuals' bank accounts.

The method employed to disrupt the botnet was to redirect communications from servers controlled by the perpetrators to computers controlled by the US government.  This required civil and criminal court orders, not something an individual would be able to undertake.  The FBI coordinated the redirection with multiple international Computer Emergency Readiness Teams (CERTs), and these teams were then able to identify the IP addresses of infected computers so cleanup could occur.  Recommendations to protect yourself from this type of malware include the same recommendations we've all been given for a number of years:
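The identification step described above, where connections arriving at the redirected (sinkholed) servers reveal which hosts are infected, can be illustrated with a small log-processing routine.  This is an added example, not code from the original post or from any CERT; the log line format, the sample records and the function names are all assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed sample of sinkhole connection records.  The format
# "<timestamp> <src_ip>:<src_port> -> <sinkhole_ip>:<port>" is an assumption,
# not a real sinkhole log format.  Source addresses are taken from the
# RFC 5737 documentation ranges so they are guaranteed not to be real hosts.
SAMPLE_LOG = """\
2014-06-02T10:15:01Z 198.51.100.23:49152 -> 203.0.113.10:443
2014-06-02T10:15:07Z 198.51.100.23:49153 -> 203.0.113.10:443
2014-06-02T10:16:30Z 192.0.2.77:51000 -> 203.0.113.10:443
2014-06-02T10:17:02Z 10.0.0.5:40000 -> 203.0.113.10:443
2014-06-02T10:18:45Z garbage line that a real collector might emit
2014-06-02T10:19:00Z 192.0.2.77:51001 -> 203.0.113.10:443
2014-06-02T10:20:11Z 198.51.100.23:49154 -> 203.0.113.10:443
"""

LINE_RE = re.compile(r"^(\S+) (\S+):(\d+) -> (\S+):(\d+)$")

# Source ranges that cannot be handed to an external CERT or ISP for
# notification (RFC 1918, loopback, link-local).  Checked explicitly rather
# than with ipaddress's is_private, which also flags the RFC 5737 sample
# ranges used above.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]


def is_internal(ip):
    """True if the address belongs to a range that needs local follow-up only."""
    return any(ip in net for net in INTERNAL_NETS)


def parse_line(line):
    """Return (timestamp, source IPv4Address), or None for malformed lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        return m.group(1), ipaddress.ip_address(m.group(2))
    except ValueError:  # source field was not an IP address
        return None


def summarize(log_text):
    """Aggregate sinkhole hits per external source IP.

    Returns {ip: {"count", "first_seen", "last_seen"}}.  Records are assumed
    to be in chronological order; malformed and internal-range lines are
    skipped so one bad line does not abort the whole batch.
    """
    hits = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, ip = parsed
        if is_internal(ip):
            continue
        entry = hits.setdefault(str(ip), {"count": 0, "first_seen": ts, "last_seen": ts})
        entry["count"] += 1
        entry["last_seen"] = ts
    return hits


def notification_list(log_text):
    """Sorted (ip, hit count) pairs, busiest first, for handing to the owning
    network's CERT or ISP so the machine can be cleaned up."""
    hits = summarize(log_text)
    return sorted(((ip, h["count"]) for ip, h in hits.items()),
                  key=lambda t: (-t[1], t[0]))


if __name__ == "__main__":
    for ip, n in notification_list(SAMPLE_LOG):
        print(f"{ip}\t{n} sinkhole connection(s)")
```

The point of the per-IP aggregation is that a single host beaconing repeatedly should produce one notification, not dozens, and that addresses from private ranges, which an internally run sinkhole could see, are routed to local cleanup rather than to an outside team.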

+ Ensure that your computer's antivirus software is up to date
+ Configure your computer to apply OS and browser updates automatically
+ Turn on the pop-up blocker (it seems a number of applications still require pop-ups to be allowed)
+ Only download from trusted sites
+ Don't open e-mail attachments you didn't request, and scan them regardless
+ Don't use embedded links in e-mail to go to a site; instead, access the organization's web site directly

If you're like me, though, you have probably ignored at least one of these recommendations in the last several months.  This points to the need for continuous reminders of best practices in the security area.
