Last week, law enforcement agencies across the world, including the FBI, co-operated to shut down the servers behind the GameOverZeus trojan. This particularly nasty piece of malware steals your passwords from a variety of web sites, including banks, in order to try to take your money.
Experts were warning that the criminals behind the servers, to which the malware sends details of the passwords it finds, will probably get them back up and running within 2 weeks, and urged everyone to ensure that their PC protection was up to date. So if you haven't checked your antivirus software in a while, or if your subscription has expired, now might be a good time to do something about it.
F-Secure has set up a web site which, the company claims, can tell you whether your PC is infected by the GameOverZeus malware. The malware works by intercepting your web browsing and, if you surf to any sites which contain the word Amazon, eBay etc., injecting some additional code into the page which captures your password and sends it to the hackers' server. F-Secure has, therefore, set up a harmless page on its own web site, the address of which happens to contain the word "Amazon". When your browser takes you to that page, their server checks whether the page you viewed has been altered to include the malware code. If it has, it's a fair bet that your PC has the malware.
So to find out whether your computer is safe, just head to http://campaigns.f-secure.com/en_global/zeus/ols/ in your web browser and wait a couple of seconds. The test is perfectly harmless, and will tell you instantly whether your PC is likely to be safe or not.
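The kind of check described above can be sketched as follows. This is an added illustration, not F-Secure's code: it compares the markup a server sent for a test page with the markup the browser reports back, and lists any scripts, form targets or input fields that appeared in between. The function names and both sample pages are constructed for the example.

```javascript
// Added illustration of a test-page integrity check (not F-Secure's code).
// Function names and the sample markup are constructed for this example.

// Collect the elements an injected snippet would add or change:
// scripts (external or inline), form targets and input fields.
function fingerprint(html) {
  const items = new Set();
  const norm = (s) => s.replace(/\s+/g, " ").trim();
  for (const m of html.matchAll(/<script\b([^>]*)>([\s\S]*?)<\/script>/gi)) {
    const src = /\bsrc\s*=\s*["']([^"']*)["']/i.exec(m[1]);
    items.add(src ? `script-src:${src[1]}` : `script-inline:${norm(m[2])}`);
  }
  for (const m of html.matchAll(/<form\b[^>]*\baction\s*=\s*["']([^"']*)["']/gi)) {
    items.add(`form-action:${m[1]}`);
  }
  for (const m of html.matchAll(/<input\b[^>]*\bname\s*=\s*["']([^"']*)["']/gi)) {
    items.add(`input:${m[1]}`);
  }
  return items;
}

// Everything found in the page as seen by the browser that the server
// never sent. An empty list means no modification was observed.
function findInjected(servedHtml, observedHtml) {
  const served = fingerprint(servedHtml);
  return [...fingerprint(observedHtml)].filter((x) => !served.has(x)).sort();
}

function verdict(servedHtml, observedHtml) {
  return findInjected(servedHtml, observedHtml).length === 0 ? "unmodified" : "modified";
}

// Constructed sample: the test page exactly as the server sent it.
const SERVED = `<html><body>
<form action="/check"><input name="user"><input name="pass" type="password"></form>
<script src="/static/report.js"></script>
</body></html>`;

// Constructed sample: the same page with an extra field and an inline
// script added on the way to the browser.
const TAMPERED = SERVED
  .replace('<input name="pass"', '<input name="pin"><input name="pass"')
  .replace("</body>", "<script>collect(document.forms[0])</script></body>");

console.log(verdict(SERVED, SERVED), findInjected(SERVED, SERVED));
console.log(verdict(SERVED, TAMPERED), findInjected(SERVED, TAMPERED));
```

An "unmodified" result only means nothing altered this particular page; it says nothing about malware that does not react to the test address.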
Comments
I'm not passing judgement on F-Secure which I know nothing about but companies that offer to provide these quick online scans for malware are in a good position to do some nasty things themselves if they aren't ethical. If you have a good anti-virus program and spy/malware program and another layer or two of protection you probably don't need these quick scan services and should only use them once several other users have provided feedback on their experience with them.
The reason I and many others have made Gizmos our preferred choice for freeware software is that the staff does pretty thorough UNBIASED research before they make recommendations. Since they can't anticipate everyone's needs they offer the pros and cons of each product and that is especially helpful. Keep up the good work.
F-SecureOnlineScanner-HC.exe is a packed file containing the following files which are placed on your root drive C:\
cleanup_tool.exe 150,568 bytes
config.ini 75 bytes
fsdart.cfg 1,228 bytes
fssos.exe 2,698,28 bytes
fssos_admin_helper.exe 3,359,568 bytes
I don't know what they do, but they were surreptitiously placed there without my knowledge or permission and that in itself makes me suspicious for a piece of software that is supposed to check for hacks on my system.
What concerned me about this check was that it was over within a few seconds and there was no activity from my hard drive, which would seem to indicate to me that it only scanned the present memory.
On that basis, I would not trust such a scan.
I prefer to use the advice on the National Crime Agency site.
https://www.cert.gov.uk/resources/alerts/nca-alert-two-week-opportunity-...
Bit baffled why anyone would want to go any further than Rob actually suggested?
I've just followed the link he kindly provided, temporarily disabled NoScript, waited a few moments for the scan to finish, and now have on-screen an advisory reading: "MOST LIKELY NOT INFECTED. To ensure that your computer is clean of all infections, we strongly recommend that you run F-Secure Scanner now."
Well, doh. Of course F-Secure would "strongly recommend" that. The Ford salesman "strongly recommends" I do something of ultimate financial benefit to his employer every time my car goes in the shop for a service. So does my Internet provider ("strongly recommend" upgrading my package.) But the stronger they recommend, the less likely I take any notice: they're not medics advising on my personal health but commercial outfits looking to earn a few bucks out of stuff related to my computer's health.
I've no idea if an F-Secure scan has any merit at all, and until I have then the developer can "strongly recommend" as much as it wants and even increase yet further the size of the scanner link on what has to be one of the most godawful-looking web pages I've seen in a long while. Then again, I've no idea if the GameOverZeus scanner is anything more than a flashy hook to lure in the gullible. Seemed interesting enough to try though -- and then walk away. Thanks, Rob.
I do not know if this page is legit. Ideas and suggestions found on Gizmo's are rarely going to get one into trouble, but...
Having said that, I think this suggestion should be taken down. If the creators of this site had good intentions, I fail to see what they were.
I did not have a problem just going to the link, which is what Gizmo's said to do.
When you get there, however, it is total clutter, designed to get people (who trust Gizmo's) to use the scanner, which takes up about 30% of the page. Please do not go there. Do not use the scanner. Do not click the link.
Just a suggestion.
You are correct. I do not have to go there if I do not like their "products". I trusted you, not them, and so I did go there. As you also said, knowledgeable patrons of Gizmos probably will not click on a link, and I didn't. But the only comment present on the page when I wrote the comment was from a Gizmo's patron who did click on the "Scanner" link. Much to their dismay, it sounded like to me.
Oh well. I had no proof whatsoever that the script that they claimed was present on that page really was. I assumed that you had checked it out, and I have a lot of faith in Gizmo's and its many contributors. That is how I saw what was there. That is why I responded as I did. I only felt that another Gizmos patron had had a bad experience there, and I guess I had a knee-jerk reaction by saying I thought it should be removed.
I lost sight of the importance of using any tool at our disposal to fight this slime-ware. I am thankful for having been able to use it, and I apologize if I offended you or any other Gizmo's patrons.
Be careful not to click the link further down the page labelled "F-SECURE ONLINE SCANNER". I did and now I regret it.
I downloaded and ran F-SecureOnlineScanner-HC.exe. After the scan finished, the scanner informed me that malware had been found and a reboot was required.
After I logged back in, the scanner ran a second time and reported fixing two items: Trojan:W32/Injector and a redirected HOSTS file.
I retrieved the previous version of my HOSTS file from the last system restore point and found that the entries removed had been originally placed there by WinPatrol (http://www.techsupportalert.com/best-free-hips.htm). No nasties there!
I was wondering what the trojan was and found that my licensed copy of Zemana AntiLogger had been removed. Grrr!
I found this note in the newly sanitised HOSTS file: "The original HOSTS file may be restored from the product's quarantine feature."
But I'd never been asked to confirm removal of any program and there was no quarantine.
I guess the moral of this story is to be careful running scanners that are cut-down versions of full anti-malware products; they may do more than you want with no warning or recourse.