US indictment against Russian hacker prompts panicked NCA statement.
A US indictment against a Russian hacker over trojan malware Gameover Zeus (GOZeuS) has led the UK’s National Crime Agency (NCA) to claim that a two week window has opened in which computers can be secured against cyber-attacks.
Evgeniy Mikhailovich Bogachev was hit with charges of conspiracy, computer hacking and various counts of fraud by a federal grand jury in Pittsburgh, US, with a separate civil injunction accusing him of leading a Ukrainian and Russian cyber-gang.
In a statement the NCA said: "Action taken by the NCA to combat the threat will give the UK public a unique, two-week opportunity to rid and safeguard themselves from two distinct but associated forms of malware known as GOZeuS and CryptoLocker."
GOZeuS, a trojan horse virus often implanted through email phishing, is claimed by the agency to have fraudulently transferred millions of pounds around the world, though just over 15,500 computers in the UK are thought to be infected.
Once installed the victim’s computers are linked to a BotNet service which alerts criminals when there is an opportunity to steal valuable information. The malware also allows criminals to infect computers with ransomware CryptoLocker, which locks up machines before demanding payment to release them.
Computer users are being instructed to take the next two weeks to apply security patches to software and run scans on their hardware, advice that most security professionals would consider to be applicable all the time.
Mark Coates, EMEA VP of digital security firm Good Technology, said: "This is the ‘gold rush’ generation for computer viruses and personal data is the currency of today.
"Yet there’s still a gap in awareness of how to protect personal data. The man on the street is highly vulnerable, but so are big businesses – because people use the same devices for personal email as for business tasks. This threat affects everyone."
The NCA is currently working with the FBI, the European Police Office (Europol), and companies from the financial, internet security and ISP sectors to tackle the threat posed by the malware.