Gameover Zeus Virus

You may have heard through national news about the Gameover Zeus virus. This malware is a real issue and has been for some time (see “What does this virus do?” below). The good news is that the computers which this particularly nasty malware relies upon have been temporarily disrupted.

This gives UCL a real opportunity to make it very difficult for the organised criminals to extort money from people.

JANET (UCL’s network provider) is coordinating and advising the actions of universities in the UK in support of this international effort. ISD is already making behind-the-scenes changes to prevent infected computers from reporting home to the attackers.

IT Managers: If your department runs its own DNS server, please get in contact so that we can advise you on how to make the necessary DNS changes to protect your department. You can read JANET’s statement here:

What does this virus do?

The Gameover Zeus virus is a program that does several different things. First, it looks for finance-related information on an infected machine and sends it back to the attacker. If it finds none, it then installs the Cryptolocker virus. This second virus then encrypts files both on the machine and on any network drives (shares) that the machine has access to. The files are then held to ransom. This can be extremely inconvenient and time-consuming for both the user and IT staff. It is worth noting that, whilst there is the possibility of paying the ransom, there is absolutely no guarantee of getting your files back.

What should you do?

  • Ensure that your machine(s) are fully up to date, including the operating system, software such as your browser, and any plugins.
  • Ensure your anti-virus software is up to date.
  • Be wary when reading your email: do not click on any links or attachments in unsolicited email.
  • Back up your data regularly.

Page last modified on 19 Jun 14 11:29