Friday, June 13, 2014

Vaksincom article 1: Game over Zeus

Hey guys, and welcome back to my blog. My dad just sent me an article and told me to translate it for all the English-speaking people out there. I've already translated the article, but he told me to wait until Monday for him to publish the original article (the one in Indonesian) on the Vaksincom website. So I thought, why not post it on my blog? So without further ado, here's the translated version for you guys...

Indonesia is the fourth most populous country in the world, and its number of Internet users in 2014 was estimated at 42 million. According to Internetlivestats, Indonesia ranks 13th in number of Internet users, right under South Korea. However, this ranking in number of Internet users is not matched by awareness of the security of the devices used. This is evident from the infection statistics for the most dangerous financial malware, which, as its name implies, can cause "game over" for the victim's account and can be said to be the malware most feared by financial institutions around the world in 2014: GOZ, better known as Game Over Zeus. It is not known whether it took a lesson from the decentralization programs of Indonesia's presidential candidates, but GOZ evolved from having a centralized Command and Control center to a decentralized one that uses P2P (Peer to Peer), which is very effective in protecting its maker from detection and entrapment by law enforcement. Its creator nevertheless keeps control over all the infected computers via P2P.

At the time this article was written, in June 2014, 7,678 GOZ infections were recorded in Indonesia, or 4.83% of the total infections in the Top 20 countries most affected by GOZ as of June 2014. Indonesia ranks ninth among the countries most affected by GOZ. Comparing its rank of 13 in number of Internet users with its rank of 9 in total GOZ infections, some may, without further analysis, jump to the conclusion that security awareness in Indonesia is low, especially in relation to GOZ infection. Whether that conclusion is true or not, Vaksincom will examine further for you.
Table 1: GOZ infections in the world
Compared with 2012, when GOZ infections reached 113,196 unique IPs (according to data from SecureWorks) and Indonesia ranked eighth in total, there has been no significant change. Although the number of infections has decreased, other countries have seen a decrease as well, so Indonesia's ranking in the number of GOZ-infected computers (still active to this day) has dropped by only one place. However, comparing the 2012 data with today's, there is in fact a major shift in the top 5 ranking. In 2014 the top 5 countries infected by GOZ are, in order, Ukraine, Japan, USA, Italy and India, while in 2012 the leaders were the United States, Germany, Italy, Canada and Brazil.
Table 2: GOZ infections in 2012 (data from secureworks.com)
Here we can see that Ukraine and Japan, which did not enter the Top 10 in 2012, have made it to ranks 1 and 2, displacing the United States to rank 3, while Germany dropped out of the Top 10 to number 14 in 2014. Unlike the Japanese badminton team ranking first as world champion in the Thomas Cup (a good thing), a high rank in GOZ infections means the opposite. The more devices are infected by GOZ, the greater the threat to users and financial institutions in the country concerned. So Ukraine and Japan earn a bad record, with their ranking in total GOZ-infected computers rising compared to other countries.

The Actual Position
However, is it fair to assess the level of danger from the total number of infections alone, without considering other factors? Suppose you see 3 Toyotas get flat tires in a day and no Lamborghinis get a flat tire in a week: is that enough to conclude that the Lamborghini is a better car than the Toyota? Of course there are other factors that must be considered, one of which is the population of Toyotas and Lamborghinis. The same analysis was done in the 2013 Vaksincom article “20 Countries Most Vulnerable to Conficker” http://vaksin.com/2013/0613/conficker 202013/conficker%%% 20statistic 20statistic% 202013.html. Although at that time China had the most Conficker infections, the country most at risk from Conficker was Argentina.
Vaksincom then compared the total number of GOZ infections with the total number of Internet users in the country concerned (the results can be seen on their website, www.vaksin.com).

The 5 countries with the highest ratio of GOZ infections are different. The top 5 most affected by GOZ, formerly occupied by Ukraine, Japan, United States, Italy and India, become Belarus, Ukraine, Algeria, Italy and Kazakhstan. Japan is thrown down to rank 13 and India is catapulted to rank 19. This happens because, when the number of GOZ infections in Japan and India is compared with their number of Internet users, the ratio is very small. How about the position of Indonesia? Indonesia was originally ranked 9; however, when infections are taken as a ratio of the country's Internet users, it drops to 13th. That is better than Vietnam, which is still entrenched in ranks 7 and 8. This should at the very least serve as a warning for all of us to consciously practice good security habits.

Vaksincom will publish some follow-up articles that give details about GOZ's recent activity, which is quite remarkable: its ability to recruit "receivers" (money couriers) through spam (in collaboration with Cutwail spam); its use of DDoS after successfully moving large amounts of funds from banks, in order to distract its victims; and even its administrator inserting Cryptolocker into the victim's computer in order to benefit financially when he feels that the computer does not hold credentials worth stealing. Also not to be missed: which two major Indonesian ASNs made it into the world's Top 10 ASNs most affected by GOZ, or P2P Zeus.
Regards,
Alfons Tanujaya
