Gameover Zeus Virus
You may have heard through national news about the Gameover Zeus virus. This
malware is a real issue and has been for some time (see “What does this
virus do?" below). The good news is that the computers which
this particularly nasty malware relies upon have been temporarily disrupted.
This gives UCL a real opportunity to make things very difficult for the
organised criminals to extort money from people.
JANET (UCL’s network provider) is coordinating and advising the actions of
universities in the UK in support of this international effort. ISD is already
making behind-the-scenes changes to prevent infected computers from reporting
home to the attackers.
IT Managers: If your department runs their own DNS server, please get in contact
so that we can advise you how to make the necessary DNS changes to protect your
You can read JANET’s statement here:
What does this virus do?
The Gameover Zeus virus is a program that does several different things. First,
it looks for financial related information on an infected machine, and sends it
back to the attacker. If it finds none, it then installs the Cryptolocker virus.
This second virus then encrypts files both on the machine and on any network
drives (shares) that the machine has access to. The files are then held to ransom.
This can be extremely inconvenient and time-consuming for both the user and IT
staff. It is worth noting that, whilst there is the possibility of paying the
ransom, there is absolutely no guarantee of getting your files back.
What should you do?
- Ensure that your machine(s) are fully up to date, including your operating system, software including your browser, and any plugins.
- Ensure your anti-virus software is up to date.
- Be wary when reading your email- do not click on any links or attachments in unsolicited email.
- Back up your data regularly.
Page last modified on 19 jun 14 11:29