Criminal Botnets: Practical Advice
There has been a lot of publicity this week on the shutdown of the prolific ‘Gameover’ botnet that was stealing financial and other sensitive information from victims' computers around the world.
The National Crime Agency has warned users they have about 2 weeks to remove the malware and protect their machines, before the botnet is likely to become active again.
The Doomsday scenario is that the attackers, concerned that their operation is compromised, will launch a mass attack for one final payday, leaving tens or hundreds of thousands of users with encrypted files and a low likelihood of ever recovering them.
attention associated with this botnet may also result in a rise in phishing attacks; emails purporting to come from organisations such as the FBI, the National Crime Agency and organisations such as Get Safe Online, with links to software claiming to clean computers could be used to dupe users into
I think I’m infected, what should I do?
If there is concern that a particular host is infected, the first step should be to download and run one of the tools listed on ‘www.getsafeonline.org/nca’, which will specifically identify and remove the GameOver and CryptoLocker malware. Be careful not to download tools from suspicious emails or other websites, as this may be a scam.
Organisations should consider the following steps to protect their networks:
- Update Anti-Virus software and run a full scan across all computers
- Raise awareness and monitoring of phishing emails, ensuring all malicious links are rapidly blocked
- Apply the most recent operating system and software patches
- Back up important files to avoid data loss
- Ensure there is monitoring in place to detect similar threats in the future
- Consider the impact of BYOD policies
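The warning above about emails carrying links to fake "cleaning" tools can be turned into a simple mail-triage check. The following is an added example, not part of the original advisory: it extracts links from a message and flags any whose real host is not the getsafeonline.org site named above. The function names, the sample email and the `.example` / 203.0.113.7 hosts are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Domain the advisory names as the place to get the removal tools.
TRUSTED_DOMAIN = "getsafeonline.org"

# Plain http(s) links; scheme-less links are out of scope for this sketch.
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def link_host(url):
    """Return the lower-cased host a browser would connect to, or None."""
    try:
        # .hostname drops any "user:pass@" prefix and the port number.
        host = urlsplit(url).hostname
    except ValueError:
        return None
    return host.rstrip(".").lower() if host else None


def is_trusted(url):
    """True only for the trusted domain itself or one of its subdomains."""
    host = link_host(url)
    if host is None:
        return False
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)


def suspicious_links(email_body):
    """List every link in the message that does not point at the trusted site."""
    return [u for u in URL_RE.findall(email_body) if not is_trusted(u)]


# Constructed sample message (not a real phishing email).
SAMPLE_EMAIL = """\
From: "National Crime Agency" <alerts@nca-notice.example>
Subject: Urgent: remove GameOver from your PC

Download the official cleaner: http://www.getsafeonline.org.cleaner.example/nca
Mirror: https://www.getsafeonline.org@203.0.113.7/tool.exe
Advice page: https://www.getsafeonline.org/nca
"""

if __name__ == "__main__":
    for url in suspicious_links(SAMPLE_EMAIL):
        print("BLOCK/REVIEW:", url, "-> real host:", link_host(url))
```

A link that passes this check only has the expected host; it is a triage aid for mail filtering, not proof that the message itself is genuine.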