The FBI has issued a warning about the latest identify theft/bank swindling malware, called “Gameover”. The “Gameover” scam is initiated through a phishing scheme that sends fictitious e-mails to a bunch of users from the National Automated Clearing House Association (NACHA), the Federal Reserve Bank, or the Federal Deposit Insurance Corporation (FDIC). After opening the email and selecting the hyperlink, the user is forwarded to a phony website that automatically installs the Trojan without their knowledge or assistance, then eventual access to the victim’s bank account becomes accessible to the scammer.
The scammers used what they call mules to launder the stolen funds by hiring unsuspecting people through the “work at home” advertisements. The hired employees are a work contracts and actual websites to log into. They are instructed to either open a bank account or use their own bank account in order to receive funds via wire and ACH transactions from numerous banks, then they are required to use money-remitting services to send the money overseas.
The “Gameover” Malware is not new; it is a new variant of the notorious Zeus identity-theft Trojan and it capable of defeating common methods of user authentication employed by financial institutions.
In the FBI’s warning stated:
“The malware is appropriately called “Gameover” because once it’s on your computer, it can steal usernames and passwords and defeat common methods of user authentication employed by financial institutions. And once the crooks get into your bank account, it’s definitely “game over.”
Gameover is a newer variant of the Zeus malware, which was created several years ago and specifically targeted banking information.”
The Malware is newer variant of ZeuS malware that steals your Confidential data related to Bank. Not only the malware steals the data but also make your computer as Botnet Slave. A botnet slave can be used to attack a website with Distributed Denial of Service(DDOS).
What make it very dangerous, the Zeus code was released into the wild, so they are many varients such as SpyEye and Ice IX.
SecurityOrb.com recommends the following:
- Verify your system have been updated to the latest distribution by the Software Vendor.
- Verify you have an anti-virus software and that it has been update to the latest signature.
- Do not access any links from your bank or entities calming to be affliated with your bank.
If you think you’ve been victimized by this type of scheme, contact your financial institution to report it, and file a complaint with the FBI’s Internet Crime Complaint Center.
Checkout the MSNBC video on malware: