Application Support

Virus Threat

Urgent Virus Warning

You will have probably seen the recent publicity in the media around the threat from a Cyber Crime ring aimed at the UK. The main words you may have heard banded around are ‘Ransom-Ware’, ‘Cryptolocker’ and ‘Gameover Zeus Virus’. We wanted to drop you a quick note with some information around this threat and what it means to you.

Gameover Zeus Virus
“The Gameover Zeus virus was first seen around September 2011 and mainly infects a computer by getting the user to install it by means of “Social Engineering” – meaning persuading the user to install it. This primarily utilises fake or fraudulent emails designed to look exactly like an authoritative organisation, like the Inland Revenue, or your bank or more recently we’ve seen emails from the Post Office. These fraudulent emails will look exactly the same as an original email, even coming from what looks like a legitimate email address, but usually with an attachment that contains the virus. The Gameover Virus is designed to log key presses and eventually steal banking information before encrypting itself and moving on to another terminal. When it leaves, this is where it installs the Crypto Locker virus.”

CryptoLocker usually travels within executable files (.exe) or disguised as a text document (.txt/.docx) in order to appear as believable and common. If opened, the malware activates and proceeds to ‘encrypt’, or lock, files on your computer and wider system.
The victim is then alerted about the action and held to ransom, demanding payment in exchange for the key supposedly required to unlock the files. This, however, is also a scam and SHOULD NOT be believed.

What to look out for
Essentially, this is classic deception and you probably wouldn’t fall for it if it was presented to you in other ways – for instance if someone came to your door saying they were from your bank, you’d want some kind of ID – so why is an email any different?
Generally, authoritative organisations won’t send you unrequested emails with attachments, and if you’re not expecting an email from them then take more precaution.
If you are unaware of what an email is referring to, or who it’s for in your organisation – don’t open the attachment – call the referring company and try to ascertain the email’s legitimacy before proceeding. Failing that, scan the attachment with your Anti-Virus software, or delete the email.
If the email is genuine then the sender can resend if necessary – as it’s better to take precautions than suffer the consequences.
Other traits to lookout for are spurious email address, or spoofed from names but also hyperlinks that refer to domains different to the perceived inbound email domain

What do you need to do?
From your point of view we advise you do the following :-
• Make sure the antivirus on your PC’s is up to date and regularly updated.
• Make sure your PC’s are patched to the latest level using Windows Updates.
• Make sure your servers are patched and up to date.
• Make sure Antivirus Scans are scheduled on your PC’s to run daily, in addition a ‘deep scan’ should be done weekly, outside working hours as this type of scan will impact performance.
Finally, please ask your staff / users to be vigilant, all of the above won’t stop a user from opening an attachment that may contain a virus, please ask them not to open anything that looks suspicious. As outlined earlier on, most of these attacks enter the systems as an email from what looks like a legitimate organisation such as HMRC, banks or government organisations you will recognise, these are what is known as ‘Spoof emails’ and are appear very realistic.

If you’d like further information or need any assistance, please call the support line on 0845 456 0053.