Holidays have been even more exciting than usual here in Finland, but not in a good way. Apparently cyber criminals aren’t aware of the concept of Christmas peace, and multiple cyber attacks have taken place against some major Finnish websites and servers. During 20.-21.12., several Finnish Joomla-servers had been DDoS-attacked and infected with Brobot-malware. Then between 25.-27.12., at least the websites of Helsingin Sanomat, Iltasanomat, Iltalehti, MTV3, Nelonen and Yle were also under DDoS-attacks. For Finns, I highly recommend following CERT-FI in Twitter – they’re The National Computer Security Incident Response Team of Finland, and give all the official information about cyber attacks, and useful security tips too.
We had some small scale network security related drama within our family, because ISP disabled our ADSL some time during St. Stephen’s Day. It turned out that one of the five laptops attached to modem was infected with Zeus malware, and operator’s automatic security systems had shut down our line. We had two pure Windows 8 laptops and three which were upgraded just before Christmas from Windows 7 to 8. Although Zeus-variants are extremely hard to block in the first place, here’s the description of how I fought the infection.
Obviously before any other action I to shut down the modem. All Windows 8 machines had of course the integrated Windows Defender which did the deep cleaning first. After that I ran through in every machine the following, portable programs, from USB-drive: ZbotKiller, AVG Virus Remover Win32/Zbot, Norman Malware Cleaner, Microsoft Safety Scanner and ViruClean. I think every computer had something shady in them triggering different software, which was a healthy reminder how this type of more thorough cleaning should be done more or less regularly (assuming you don’t have premium security software that does that automatically for you).
Machines are now clean, ADSL is working, and life’s good again. I wish you all great holidays, and remember to stay (cyber) safe!