New virus GameOver Zeus threatens to steal personal data

Web users need to tighten up their security to protect against another new bug – GameOver Zeus, the National Crime Agency has warned.

Consumers have heard plenty of stories about online security in the past few months. But after the Heartbleed bug and eBay getting hacked just last month, the UK National Crime Agency (NCA) has once again urged consumers to rethink their security settings since another new bug has emerged.

GameOver Zeus infects computers when users click on a link or attachment sent to them from a computer that is already infected.

It will usually appear to be from a recognised contact, ensuring that unwitting users trust the content of the email, but will then attack the computer in a bid to find out personal and financial information.

If, however, it does not manage to find enough data, it can call in Cryptolocker, which secretly encrypts files on the computer and then refuses to release them unless the user pays a ransom.

Global authorities have managed to disrupt GameOver Zeus for now, according to the US Department of Justice (DoJ), while key Cryptolocker servers have also been seized.

“Through these court-authorised operations, we have started to repair the damage the cyber criminals have caused over the past few years, we are helping victims regain control of their own computers, and we are protecting future potential victims from attack,” said Leslie R. Caldwell, assistant attorney general in the DoJ’s criminal division.

But the NCA says this will only guarantee up to two weeks of relative safely before the criminals are back in control of the network. To make the most of this window, it is encouraging users to make the most of the resources on Get Safe Online to keep their computers safe.

At the same time, it has said that its consumers should always make sure they install and update the right security software, update applications, and run antivirus and antimalware programs. Crucially, users need to remember to be wary when clicking on attachments in any email they did not solicit – even if it appears to be from someone they know.

“Nobody wants their personal financial details, business information or photographs of loved ones to be stolen or held to ransom by criminals,” says Andy Archibald, director of the national cybercrime unit at NCA.

“By making use of this two-week window, huge numbers of people in the UK can stop that from happening to them.”