Last week the Department of Justice in the USA and the FBI announced a major breakthrough in dismantling and disrupting the GameOver Zeus botnet malware, as well as the Cryptolocker malware.
The FBI also announced that charges were filed against the mastermind behind this operation. Evgeniy Mikhailovich Bogachev, 30, of Anapa, Russian Federation, is now on the FBI’s most wanted list as the leader of a gang of cyber criminals based in Russia and Ukraine. They are responsible for the development and operation of both the GameOver Zeus and Cryptolocker schemes. He is wanted for conspiracy, computer hacking, wire fraud, bank fraud, and money laundering in connection with his alleged role as an administrator of the GameOver Zeus botnet.
These sophisticated attacks and malware have been described as one of the biggest cyber crime operations ever committed.
Typically this kind of malware is distributed to unsuspecting users as an email attachment. The emails look legitimate, but once a user clicks on the link or opens the attachment, the malware is installed on the computer without the user even knowing it.
GameOver Zeus first began appearing in 2007. This malware, also known as “Peer-to-Peer Zeus,” is an extremely sophisticated type of malware designed to steal banking and other credentials from the computers it infects. Once a computer becomes infected, it automatically becomes part of a global botnet without the user even knowing it.
Security experts estimate that between 500 000 and 1 million computers have been infected, with 25 percent of those machines located in the USA. The FBI estimates that the criminals behind GameOver Zeus have stolen in excess of 100 million dollars from their victims.
Typically, once a machine became infected and joined the botnet, the malware captured all the credentials that were typed into the browser. So when users did their online banking or made e-commerce purchases, for example, the thieves received every keystroke and thereby captured all the personal information. Once they had the banking or credit card details, they would log in and transfer funds to international accounts.
If the GameOver Zeus malware did not find any valuable information on a computer, it then installed a second kind of malware known as ransomware. Typically the computer would get locked and its files encrypted, and the victim would have to pay a ransom to get the computer unlocked. So basically your computer was held hostage.
According to the FBI, it is estimated that over 120 000 victims in the United States and over 230 000 worldwide have fallen victim to this ransomware, and that they made ransom payments of approximately $30 million between September and December 2013.
The botnets have been disabled by the authorities, but within the next week these criminals could regain control of the infected machines worldwide and turn the botnets back on, hence the urgency to clean the malware off every infected computer.
Computer users worldwide have been urged to check whether their machines are infected by GameOver Zeus (GOZ) by simply visiting antivirus vendor F-Secure’s link for a quick test.
The FBI also offers some great tips on how to prevent being infected.
Could your computer be infected?
- Your computer system operates very slowly
- Your cursor moves erratically with no input from you
- You notice unauthorised logins to your bank accounts or unauthorised money transfers
- Text-based chat windows appear on your computer’s desktop unexpectedly
- Your computer files lock up and a ransom demand is made to unlock files
Protect your computer from malware
- Make sure you have updated antivirus software on your computer
- Enable automated patches for your operating system and web browser
- Have strong passwords, and don’t use the same passwords for everything
- Use a pop-up blocker
- Only download software — especially free software — from sites you know and trust (malware can also come in downloadable games, file-sharing programs, and customised toolbars)
- Don’t open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an e-mail, even if you think it looks safe. Instead, close the e-mail and go directly to the organisation’s website