The Sophos Community will be offline for scheduled maintenance this Saturday, May 27th, at 13:00 UTC for approximately 1 hour. Apologies for any inconvenience caused.
"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
This article provides information on the malware called Gameover Zeus.
Applies to the following Sophos product(s) and version(s)
Not product specific
Gameover Zeus, or just "Gameover" is a well-known piece of malware that allows an innocent users' computer to be controlled remotely for criminal activity. If infected your computer then becomes part of a botnet - which is a large number of infected computers that can be used collectively by a centrally controlled computer.
We detect and block the various components of this malware under the following names:
We release IDE files to 'top up' the main virus engine. After three months the IDE files are combined with the virus engine. Because of the age of the detections there is no particular IDE name you need to check for on disk - simply ensure you are up to date.
For the IDE released in February 2014: Troj/Zbot-HTQ is covered under zbot-htr.ide; Troj/Zbot-HTS is covered under rovnix-a.ide; Troj/Necurs-BD is covered under zbot-hqu.ide. Note: For up to date installations these IDE files will not be present in the Sophos Anti-Virus folder.
You may find it useful to know, as an example, that an IDE file called weels-o.ide was released on June 9th 2014. Hence the presence of this file (C:\Program Files (x86)\Sophos\Sophos Anti-Virus\weels-o.ide) shows your installation is up to date as of Monday June 9th.
Jeder hier hinterlassene Kommentar wird von einem Mitarbeiter gelesen, wir antworten jedoch nicht auf spezifische technische Fragen. Wenn Sie technischen Support benötigen, posten Sie bitte eine Frage in unserer Community. Alternativ können Sie für lizenzierte Produkte auch ein Support-Ticket öffnen.