Beware of New Malware – Gameover

The latest in Zeus malware or malicious software is called “Gameover”.  It was developed specifically to steal banking information.  The Federal Bureau of Investigation (FBI) has issued warnings to consumers about this new malware.  It can breakthrough authentication by financial institutions.  This malware was named “Gameover”, because once the criminal has access to your bank account, “the game is over”.

How you are infected

Spam emails are sent supposedly from the National Automated Clearing House Association (NACHA), the Federal Reserve Bank, or the Federal Deposit Insurance Corporation (FDIC) informing the consumer of a problem with their bank account about a recent Automated Clearing House (ACH) transaction. The message contains a link to help resolve the issue, which is actually a link to a fake website.  When you are at the site, you download this Gameover malware which infects your computer and steals your usernames and passwords to access your bank accounts.

According to the Federal Bureau of Investigation, “After the perpetrators access your account, they conduct what’s called a distributed denial of service, or DDoS, attack using a botnet, which involves multiple computers flooding the financial institution’s server with traffic in an effort to deny legitimate users access to the site—probably in an attempt to deflect attention from what the bad guys are doing”.

Some funds are used in other schemes

Some of the stolen funds are used by the criminals to purchase precious stones and expensive watches at upscale jewelry stores. The criminals contact the stores to tell them what they want and will wire the money the following day.  A person called the “money mule” picks up the merchandise from the store after the store verifies that the money has been transferred to their account.  The mule gives the jewelry to the organizers of the scheme or converts them for cash and uses money transfer services to launder the funds.

The “money mule” is often someone who has been hired from a “work from home ad” and is not aware that this is a criminal act.  They go to what they think is a legitimate website to apply for the job and accept it.  They are asked to use their own bank account or open a new one so they can receive funds via wire and ACH transactions from banks and then wire the money overseas.

Tips to protect yourself

To protect yourself from this, the Federal Bureau of Investigation advises the following:

Make sure your computer anti-virus software is up-to-date.

Don’t click on e-mail attachments from unsolicited senders. National Automated Clearing House Association, the Federal Deposit Insurance Corporation and the Federal Reserve don’t send out unsolicited e-mails to bank account holders. To confirm what was communicated in the email, contact your financial institution.

Don’t accept unsolicited jobs online requiring you to receive funds from numerous bank accounts and wire the money to overseas accounts.

Credit Damage Expert, John Ulzheimer, is the President of Consumer Education at SmartCredit.com, the credit blogger for Mint.com, and a Contributor for the National Foundation for Credit Counseling.  He is an expert on credit reporting, credit scoring and identity theft. Formerly of FICO, Equifax and Credit.com, John is the only recognized credit expert who actually comes from the credit industry.  Follow him on Twitter here.

Categorised in: Employment, Financial, Identity Theft

This post was written by John Ulzheimer