F-Secure releases one-click test for PCs infected by GameOver Zeus botnet
Last week Microsoft boasted of aiding law enforcement in the take-down of the GameOver botnet, one of the leaders in the theft of banking information. However, Microsoft was not the only tech entity involved, and the death notice may have been a bit premature.
One of the others involved was security firm F-Secure, and it has pointed out some important aspects of exactly what happened. The thing people should be aware of is that this does not mean the threat is gone. F-Secure claims that it was "disrupted -- not dismantled".
"It's not technically impossible for the botnet administrators to reclaim control in the near future. More than one million computers are infected by GOZ, time is of the essence", the researchers point out.
With that caveat in mind, the company has set up an online test for computers that will check for the infection, and it literally takes only a couple of seconds. Details of how it works are revealed in the announcement, for those interested in the technical aspects behind this. F-Secure says it is the first time it has used this particular technology.
"If you are infected, visiting our page makes GameOver ZeuS think you are going to Amazon, even if you're not! This in turn causes GOZ to add its own code to the webpage. When our 'fake' Amazon page is loaded, it does a 'self-check' and simply searches the page for the modification that GameOver makes. We search for the string 'LoadInjectScript' we showed above (note that we have to split it up, so we don't just end up finding our own string!)", the firm explains.
No recommendations for cleaning the PC are given in the announcement, but as always, the best advice is to back up your data and do a clean install of Windows. It's likely the only way to be sure.
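The self-check F-Secure describes above, sketched as an added example (not F-Secure's code), shows why the marker has to be split: a checker that scans the page markup also scans its own inline script text. Only the marker string comes from the article; the function names, the decoy pages and the injected snippet are constructed for illustration.

```javascript
// Added illustration: sample pages and names are constructed, not F-Secure's code.

// Assemble the marker from fragments so the literal never appears in the
// checker's own source, which is itself part of the page being scanned.
const MARKER = ['Load', 'Inject', 'Script'].join('');

// Two candidate inline checkers, held as source text so they can be embedded
// in a decoy page. The naive one carries the full literal.
const NAIVE_CHECK =
  "if (document.documentElement.innerHTML.indexOf('LoadInjectScript') !== -1) report();";
const SPLIT_CHECK =
  "if (document.documentElement.innerHTML.indexOf('Load' + 'Inject' + 'Script') !== -1) report();";

// Constructed stand-in for the modification added to the page on an infected
// machine. The real injected code is not shown in the article.
const CONSTRUCTED_INJECT = '<script>/* constructed sample */ ' + MARKER + '();</script>';

// Build the decoy page markup: page body, the inline checker, and optionally
// the extra markup an infected browser would end up with.
function buildPage(checkSource, injectedSnippet) {
  return '<html><body><h1>decoy shop page</h1>' +
    '<script>' + checkSource + '</script>' +
    (injectedSnippet || '') +
    '</body></html>';
}

// The check itself: does the rendered markup contain the marker?
function pageIsModified(html) {
  return html.includes(MARKER);
}

// Run the three cases that matter for the design.
function selfCheckResults() {
  return {
    // Clean machine, naive checker: the checker finds its own literal.
    naiveOnCleanPage: pageIsModified(buildPage(NAIVE_CHECK)),
    // Clean machine, split checker: nothing to find.
    splitOnCleanPage: pageIsModified(buildPage(SPLIT_CHECK)),
    // Modified page, split checker: the injected marker is found.
    splitOnModifiedPage: pageIsModified(buildPage(SPLIT_CHECK, CONSTRUCTED_INJECT)),
  };
}

console.log(selfCheckResults());
```

The naive checker reports every visitor as infected, which is the failure the quoted note about splitting the string avoids.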