As a member of Infragard, a public/private partnership between the FBI and security leadership around the country, I have access to a number of FBI alerts. Many have controlled distribution, but some are completely open. Monday June 2, the FBI issued Flash #32, one of their more timely alerts. This alert regards the re-emergence of the Zeus bot, which was responsible for stealing millions of dollars a few years back. The malware has returned in a slightly mutated form, with the same intent: watching users log into financial accounts, then returning as those users and initiating financial transfers.
The latest attack leverages spear phishing, a social-engineering attack in which attackers pose as real people and send links that appear to lead to legitimate web content but which actually start the infection. Spear phishers pose as legitimate people on Facebook and other social media – in fact, I personally received two unsolicited invites to “friend” people on Skype; I believe they are related. (Not even security professionals are immune to these things, I guess.) This latest rebirth has led to doomsday articles like this one: http://mynorthwest.com/11/2537556/Threat-Countdown (linked as of June 6, 2014).
What is interesting about the attack is that it’s such a classic security event:
- It propagates through social engineering, which is the art of making people do what they shouldn’t do. The top social engineering technique these days is using bots to make friends on Facebook, Twitter and other social media. Just because someone invites you to be a friend doesn’t mean you have to accept. If you don’t recognize the name, don’t accept the friend request.
- Surprise – it spreads via malicious links in e-mail. Most commonly, social engineering involves convincing people to click links in e-mail and chat. Friends, if you get a link in e-mail, DO NOT CLICK IT. Don’t. Just don’t click it, OK?
- According to the mynorthwest.com article, users have two weeks until the next “attack”. This isn’t true, on many fronts… First of all, we’re all under constant attack; we just don’t recognize it. Secondly, the length of the ‘window’ before the next attack is currently unknown. The FBI cyber crimes division has worked out Zeus’ command and control system and has temporarily disrupted it. The operators will return, infected machines will eventually find a way to phone home, and the virus will wake up again.
- Not surprisingly, the attack is most successful on… wait for it… unpatched computers. If you don’t want to be infected by this (or most other) malware, update your computer regularly. It’s so simple – Windows and Mac OS allow you to automatically install updates. Use that feature, take it (literally) to the bank. And if you’re still running Windows XP, well… don’t. Your XP-capable machine is just as capable of running Linux Mint as it is XP, so if you don’t want to buy a new computer to run Windows 8 or Mac OS X, then at least migrate to Linux. It looks almost the same as Windows, you can still run a modern browser, and Libre Office is a decent replacement for Microsoft Office (and Libre Office is free).
- If you are running Windows, turn on the “Enhanced Mitigation Experience Toolkit,” which adds a second layer of protection above and beyond the firewall, anti-virus, and malware prevention built into Windows.
- Also, make regular backups of your data. All of it – photos, documents, email, etc. Another very nasty piece of software is Cryptolocker, which infects your PC and encrypts everything. When the user attempts to log into Windows, Cryptolocker prompts them to pay a ransom to unlock all their data.
- Finally, after all of this, run Malwarebytes Anti-Malware. This tool scans your hard drive looking for evidence of malware that may have slipped past your other defenses. It’s reactive, but if you can catch the malware at any point, it’s a good thing. Malwarebytes is a free product, but they do have a premium product as well.
Despite all the doom-and-gloom about the new Zeus, the fact is that the malware can be defended against. Be aware of social engineering attacks against you. Don’t click on links in e-mail or social media. Keep your computer up to date, and perform frequent checks for malware. Nothing here is rocket science, and even the least technical person can take these safety measures.
Microsoft’s security page: www.microsoft.com/security
Microsoft Bit Defender/Security Essentials: http://windows.microsoft.com/en-us/windows7/products/features/windows-defender
Malwarebytes anti-malware: https://www.malwarebytes.org/