The window for computer users to protect themselves from the GOZeuS and CryptoLocker malware closes at midnight tonight.
Earlier this month the National Crime Agency (NCA) announced that an international operation had temporarily weakened the botnet behind the two related threats, providing computer users already infected with a two-week opportunity to rid themselves of the malware and help prevent future infection.
According to the NCA, current indications are that UK GOZeuS and CryptoLocker infections have reduced since the announcement, but according to the IET the warnings have gone largely unheeded and more must be done to tackle the threat of an infection, particularly by Internet service providers (ISPs).
IET cyber security expert Hugh Boyes said: “Based on the latest statements from the National Crime Agency it would appear that their campaign to encourage computer users to scan for and remove GOZeus and CryptoLocker infections has been only partially successful.
“The IET believes that more could be done to tackle existing infections. ISPs, for example, could restrict Internet access to infected machines or IP addresses by redirecting users to a page with information on infection removal. They could also provide telephone technical support to customers to help them to remove the malware.
“A joined-up approach of law enforcement working with the ISPs to reduce the number of infected computers would benefit everyone.”
According to the NCA, enhancing security after the two-week period has elapsed will still be effective against cyber-crime threats, but may not give the enhanced protection available while the GOZeuS and CryptoLocker system is at its weakest.
Andy Archibald, deputy director of the NCA’s national cyber-crime unit, said: "This is about taking a few simple steps to keep your money and personal information in your hands, rather than those of international criminals.
"While there is never a bad time to maximise your online security, and it is something we should all do regularly, acting now can provide unprecedented levels of protection from these types of malware. If you haven't already, we urge individuals and small businesses alike to take action.”
Members of the public who think they have lost money through malware such as GOZeuS and CryptoLocker should report it at the police's Action Fraud website.
The IET has released some tips to avoid becoming a victim of cyber-crime:
- Install Internet security software from companies listed on Get Safe Online
- Do not open emails unless you are 100 per cent certain that they are authentic, i.e. you know the sender and the email is from them
- Make sure your Internet security software is up-to-date and switched on at all times
- Make sure your Windows operating system has the latest Microsoft updates applied. If running
- Microsoft XP, remember that this operating system is no longer being supported and all home and
- small business users should move onto an alternative operating immediately to reduce the risk of malware infection
- Make sure your software programs have the latest manufacturers' updates applied
- Make sure all of your files including documents, photos, music and bookmarks are backed up on a separate machine
- Never store passwords on your computer in case they are accessed by GOZeus or another aggressive malware program