The most active banking Trojan network of 2013 was finally disrupted by the joint efforts of the Federal Bureau of Investigation (FBI), the Department of Justice (DOJ) and the European Cybercrime Centre at Europol. The FBI released a statement on June 2nd, saying that the GameOver Zeus botnet had been disrupted. What is more, the FBI managed to identify the person responsible for administering this botnet. Evgeniy Bogachev from Anapa, Russian Federation, and three other subjects are wanted for their involvement in racketeering activities. To top it off, criminal charges were issued in Pittsburgh and Omaha against the alleged GameOver Zeus botnet administrator.
Evgeniy Bogachev was charged with bank fraud and money laundering, computer hacking, conspiracy and wire fraud. The charges were issued in connection with him being the alleged botnet administrator. He is also said to be the leader of a group of cyber criminals based not only in Russia, but in Ukraine as well. This group is responsible for creating and administering the GameOver Zeus botnet and also the CryptoLocker ransomware scam. As a result, the FBI added Evgeniy Bogachev to its Cyber's Most Wanted list. This crackdown has been a long time coming, considering the botnet's background.
According to a security report issued by the Dell SecureWorks Counter Threat Unit (CTU) in February 2014, GameOver Zeus was the most active Trojan botnet on the web. GameOver Zeus took up 38% of the entire banking Trojan market. Computer security experts suggest that this botnet was created after a long period of trial and error. Cyber criminals have learned to adapt to new environments, creating new procedures to avoid security products and services.
To illustrate how grave the situation was, GameOver Zeus affected over 900 financial institutions in more than 65 countries around the world. Most of those institutions are located in the United States. It is not only commercial banks and credit unions that have been targeted by this botnet. GameOver Zeus attacks payroll vendors and even dating websites as well.
GameOver Zeus has been on the market for a while: it first emerged in the middle of 2011. As a genuine banking Trojan, it logs keystrokes in order to steal online banking information. However, it also comes with some additional functions that allow GameOver Zeus to initiate distributed denial-of-service (DDoS) attacks against the targeted institutions. On top of that, the Trojan could also avoid perimeter security (like firewalls and web filters) by pretending to be an encrypted .exe file.
GameOver Zeus is a banking Trojan botnet that uses a decentralized peer-to-peer system for its command and control infrastructure. This means that there is no central computer that issues instructions or updates for the infection; any infected computer could do that. All it takes is to be part of the botnet.
A target computer gets infected with GameOver Zeus via spam email attachments or malicious links embedded in email messages. Users might also get infected by visiting malware-related websites. Once the computer is infected, it becomes a part of a bigger network, and it can receive orders from any of the command and control servers.
The GameOver Zeus botnet is usually used to steal banking information, which results in illegal withdrawal of funds, but it can also be used to distribute additional malware, such as the CryptoLocker ransomware application. CryptoLocker encrypts files on the infected computer and takes the system “hostage,” demanding payment. According to various reports, users around the globe have transferred approximately $30 million in ransom payments in just the last quarter of 2013.
All in all, more than 1 million computers were infected by the GameOver Zeus botnet around the world, and 25% of the infected systems are located in the United States. Needless to say, hundreds of millions of dollars have been lost globally due to this infection.
Therefore, the news of the crackdown on this botnet is very welcome. Based on the FBI report, U.S. and foreign law enforcement officials seized the malware’s command and control servers. However, it does not mean that users should let their guard down. There are tons of other botnets around that can cause just as much damage as GameOver Zeus.
If you suspect that your PC might be infected, there is a checklist you should go through to be sure. When a computer is infected with malware, the system operates slowly, and your mouse cursor moves around your screen even if you do not touch the mouse. In some cases, you may see text-based chat windows appear on your screen out of nowhere. Finally, the dead giveaway is unauthorized logins and money transfers from your bank account, and the inability to access your files. If you see a ransom demand on your screen, then you are definitely infected with malware.
There are, however, certain security measures you can employ to avoid anything similar to GameOver Zeus. Investing in a licensed antimalware tool and keeping it updated is one. You should also make sure that automatic patching is enabled for both your web browser and your operating system. While you are on the internet, using a pop-up blocker and strong passwords might also be a good idea.
Another important thing in ensuring your PC’s security is downloading software from official websites ONLY! Likewise, steering clear of unfamiliar links and unknown attachments in your email inbox might also help. Remember that one of the reasons why the cyber criminals behind GameOver Zeus managed to steal so much money is that computer users are not acutely aware of the dangers on the Internet.