You’re running out of time to protect your computer
Hackers are coming: More than 1 million users need to scramble to protect their PCs
By Priya Anand
International law enforcement authorities over the weekend took control of two hacker networks that have infected more than a million computers worldwide to steal banking information and lock devices until users pay a ransom, U.S. officials announced last week.
People should run security tests on their computers within the next two weeks, before the masters of the botnets have a chance to regain control, the United Kingdom’s National Crime Agency says.
One malware-driven network, called “Gameover Zeus”, lifted banking credentials from as many as 1 million infected Microsoft Windows computers, to steal more than $100 million.
The U.S. is home to the highest percentage of Gameover Zeus infections, at 13%, according to Mountain View, Calif.-based security company Symantec.
The second seized network, built using Cryptolocker malware, kidnapped files.
Cryptolocker took hold of more than 234,000 computers, about half of which were in the U.S. Its controllers demanded ransom payments from people, making an estimated $27 million in its first two months, according to the Justice Department. (Also see: Data kidnappers hold your files for ransom)
Apple introduced the new OS X Yosemite on Monday, with features that make it much easier for Macs to get along with Apple’s all-star mobile devices, the iPhone and iPad. WSJ Personal Tech Columnist Joanna Stern explains.
The computer network seizures spanned Canada, France, Germany, Luxembourg, the Netherlands, Ukraine and the United Kingdom, freeing more than 300,000 victim’s computers.
The U.S. has charged 30-year-old Russian Evgeniy Bogachev, the alleged administrator of the Gameover Zeus botnet, with a 14-count indictment for conspiracy, computer hacking, wire fraud, bank fraud and money laundering.
“Over the next few days and weeks, our investigators and prosecutors will work with private-sector partners to notify infected victims and provide links to safe and trusted tools that can help them rid themselves of Gameover Zeus and Cryptolocker and then close the vulnerabilities through which their computers were infected,” Assistant Attorney General Leslie R. Caldwell said at a press conference Monday.
Malware that turns computers into bots — or robots that are part of a larger network called a botnet, like Gameover Zeus — can creep into computers in many ways, even when users don’t open the door by clicking on malicious links in spam or downloading funky applications and software.
The U.S. Computer Emergency Readiness Team, a unit of the Department of Homeland Security that handles cybercrime, posted a list of antivirus and anti-malware software it recommends people run, in addition to changing passwords.
People should heed the two-week warning issued by the U.K. agency, security experts say. That’s the amount of time they expect it would take criminals to regain control of the networks, says Vikram Thakur of Symantec’s security response team.
Here are some experts’ tips to discern whether your computer is a bot:
The website you’re on isn’t the one you opened
A telltale sign that a computer has been compromised is when the website that pops up isn’t the same one a user attempted to open, says Symantec’s Thakur. Or, beware if you conduct a search using one engine but results appear in a different search engine or are unrelated to the query.
Programs and the Internet are running unusually slowly
Users of infected computers might notice a dramatic difference in how much time it takes to open programs or load websites, says Rami Essaid, CEO of Arlington, Virginia-based Distil Networks.
The security company found in a report this year that bad bots doubled their presence last year to account for almost 24% of web traffic in the last quarter of 2013.
Still, not every botnet will try to suck up resources from the zombie computers in its network. Botnets that simply look to scrape information — like Gameover Zeus, which lifted financial credentials — may not exhibit this symptom.
Check the activity monitor
What processes is the computer running? Open the task manager, sometimes called an activity monitor, to check what applications are running, particularly when you turn on the computer. Is an unfamiliar application automatically booting up each time the computer turns on? That’s a red flag, Essaid says.
Log into your router to track activity
A zombie computer that’s part of a botnet will run automatically even when a user isn’t working on the machine. Many routers provide usage reports that people can log into in the same way they logged in to set up the system.