Windows users have been given a two-week "window of opportunity" to get protected from a nasty malware duo, after UK authorities teamed up with international police to take control of hackers' command and control servers.
Operation Tovar, as it's been dubbed, shut down the servers behind CryptoLocker and GameoverZeus, which are normally spread via dodgy email attachments or phishing emails. The two work together, with CryptoLocker taking over if GameoverZeus can't find enough data to harvest and sell.
CryptoLocker encrypts a PC's files, demanding a ransom of one bitcoin to unlock the data, while GameoverZeus - also called P2PZeus - steals banking details.
The operation kicked off last week with the UK's National Crime Agency, the FBI, Europol and a host of tech firms including McAfee and Dell all working together. In all, organisations across 11 countries took part, letting authorities take control of the hackers' servers to pause the attacks.
Such cooperation is "almost unprecedented", said Rik Ferguson, Trend Micro's vice president for security research.
"This synchronised collaboration sets a new standard for that which is possible in the name of internet security," said Ferguson in a blog post. "This truly global operation has seen coordinated activities aimed at taking over or disrupting elements of the Command & Control infrastructure used to spread these pernicious malware families, but we cannot achieve this goal alone, every computer user has their own role to play."
What to do
He called on all Windows users to make use of the "window of opportunity" caused by the server disruption by scanning their systems for both threats - there's a list of tools to do so here - and running all Windows updates. US-CERT also advised users to change their passwords.
The UK's National Crime Agency warned everyone running Windows - including on servers, embedded systems and Apple virtual machines - that they have only two weeks to take action before the criminals' networks return to full strength. "This is not a case of isolated attacks, as over 15,000 computers in the UK alone are thought to have been already affected," the NCA added.
The NCA suggested ISPs will be sending warning letters or emails to customers. "They will know that your computer is infected because the NCA – working with other law enforcement bodies around the world – has taken over thousands of the criminal servers and examined the records," the agency said. "You must follow the advice on this page straight away. Even then, if your computer has been locked down by CryptoLocker, it is too late."
This article originally appeared at pcpro.co.uk