This article provides information on the malware called Gameover Zeus.
Applies to the following Sophos product(s) and version(s)
Not product specific
Gameover Zeus, or just "Gameover", is a well-known piece of malware that allows an innocent user's computer to be controlled remotely for criminal activity. If infected, your computer becomes part of a botnet, which is a large number of infected computers that can be used collectively by a centrally controlled computer.
We detect and block the various components of this malware under the following names:
We release IDE files to 'top up' the main virus engine. After three months the IDE files are combined with the virus engine. Because of the age of the detections, there is no particular IDE name you need to check for on disk; simply ensure you are up to date.
For the IDE files released in February 2014: Troj/Zbot-HTQ is covered under zbot-htr.ide; Troj/Zbot-HTS is covered under rovnix-a.ide; Troj/Necurs-BD is covered under zbot-hqu.ide. Note: For up-to-date installations these IDE files will not be present in the Sophos Anti-Virus folder.
You may find it useful to know, as an example, that an IDE file called weels-o.ide was released on June 9th, 2014. Hence the presence of this file (C:\Program Files (x86)\Sophos\Sophos Anti-Virus\weels-o.ide) shows your installation is up to date as of Monday, June 9th.