GameOver Zeus P2P Zeus Botnet Temporarily Taken Down

Finding Malware

On June 2, 2014, the Department of Justice and the FBI announced a multinational effort to disrupt the GameOver Zeus botnet, believed to be responsible for the theft of millions of dollars from businesses and consumers in the U.S. and around the world. GameOver Zeus is an extremely sophisticated type of malware designed specifically to steal banking and other credentials from the computers it infects. It’s predominately spread through spam e-mail or phishing messages.

Unbeknownst to their rightful owners, the infected computers become part of a global network of compromised computers known as a botnet—a powerful online tool that cyber criminals can use for their own nefarious purposes. In the case of GameOver Zeus, its primary purpose is to capture banking credentials from infected computers, then use those credentials to initiate or re-direct wire transfers to accounts overseas that are controlled by the criminals. Losses attributable to GameOver Zeus are estimated to be more than $100 million.

Unlike earlier Zeus variants, GameOver has a decentralized, peer-to-peer command and control infrastructure rather than centralized points of origin, which means that instructions to the infected computers can come from any of the other infected computers, making a takedown of the botnet more difficult. But not impossible.
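To make concrete why a peer-to-peer command and control layer survives a takedown that would cripple a centralized one, here is a small graph simulation. It is an added illustration, not code from this post or from any of the agencies involved: it builds a star topology (every bot talks only to one C&C server) and a random peer mesh (every bot knows a handful of other bots), removes the highest-degree nodes the way a sinkholing operation would target the best-connected peers, and reports what fraction of the surviving bots can still reach each other. Bot counts, peer counts and the random seed are constructed values chosen for the demonstration.

```python
import random
from collections import deque


def build_centralized(n_bots):
    """Star topology: node 0 is the C&C server, every bot talks only to it."""
    adj = {0: set(range(1, n_bots + 1))}
    for bot in range(1, n_bots + 1):
        adj[bot] = {0}
    return adj


def build_p2p(n_bots, peers_per_bot, seed=1):
    """Peer mesh: each bot picks peers_per_bot random peers (edges are undirected,
    so the average degree is roughly twice peers_per_bot). Seeded for repeatability."""
    rng = random.Random(seed)
    adj = {i: set() for i in range(n_bots)}
    for i in range(n_bots):
        others = [j for j in range(n_bots) if j != i]
        for peer in rng.sample(others, peers_per_bot):
            adj[i].add(peer)
            adj[peer].add(i)
    return adj


def largest_component_fraction(adj, removed):
    """Fraction of the surviving nodes that sit in the largest connected component,
    i.e. the share of bots that can still relay instructions to one another."""
    alive = [n for n in adj if n not in removed]
    if not alive:
        return 0.0
    seen = set()
    best = 0
    for start in alive:
        if start in seen:
            continue
        seen.add(start)
        queue = deque([start])
        size = 0
        while queue:
            node = queue.popleft()
            size += 1
            for nxt in adj[node]:
                if nxt not in removed and nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
        best = max(best, size)
    return best / len(alive)


def takedown(adj, n_remove):
    """Model a takedown that removes the n_remove best-connected nodes
    (sorted by degree, ties broken by node id) and measure what is left."""
    by_degree = sorted(adj, key=lambda n: (-len(adj[n]), n))
    removed = set(by_degree[:n_remove])
    return largest_component_fraction(adj, removed)


if __name__ == "__main__":
    # Constructed sizes: 100 bots behind one server vs. 200 bots in a peer mesh.
    central = takedown(build_centralized(100), 1)
    p2p = takedown(build_p2p(200, 4), 5)
    print(f"centralized, 1 server removed: {central:.0%} of bots still connected")
    print(f"peer-to-peer, 5 top peers removed: {p2p:.0%} of bots still connected")
```

Removing the single server from the star leaves every bot isolated, while removing even the five best-connected peers from the mesh leaves almost the whole population able to pass instructions along. That is the property the takedown teams had to work around, and it is also why the disruption described below is expected to be temporary rather than permanent.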

In the UK the BBC originally had quite a sensational headline

and more details and

OK, let's clear up some of the FUD and misinformation spreading around, particularly that issued by the UK crime agency, who don't seem to know what they are talking about, or are incapable of putting it in a clear format without causing undue alarm.

Zeus/Zbot has been around in various incarnations for years. A more recent version has been named GameOver or P2P Zeus because of the way it works. It has been responsible for quite a high proportion of phishing/spam/malware-laden emails; see almost any page on this blog for examples of the sort of emails that this botnet sends.

On 2 June 2014 a combined effort by Microsoft, the FBI, the UK crime agency, other European and worldwide national computer and crime agencies, and worldwide ISPs managed to temporarily take down the major C&C (command and control) nodes.

The "2 weeks" comes from the time it is expected to take the bad guys to regroup and recreate the C&C network using new servers and ISPs. While the C&C is down, it is much easier for an antivirus to clean an infected computer, because it isn't continually receiving instructions to download new malware or to send spam or malicious emails. As soon as the C&C is re-established, any infected computer will immediately start to receive instructions and start sending spam and malware again.

If you aren't already infected, then nothing will happen in 2 weeks' time, except that you will most probably see a sudden increase in spam and malicious or phishing emails, which have suddenly stopped this week, although we are already starting to see other botnets taking up the slack and sending spam.
