GameOver Zeus Botnet Servers Seized, Investigation for Creator Continues
GameOver Zeus is a computer virus that takes part in wire fraud schemes that involve stealing financial credentials from infected host computers, attackers who steal the credentials send money from the victims account, to their own accounts. GameOver is often distributed via a botnet, specifically the Cutwail botnet.
On May 30, authorities working for the European Cybercrime Center (EC3) worked with various security companies to take down and seize servers that took part in the Zeus botnet malware operation. Abuse.ch, Crowdstrike, Shadowserver Foundation, Microsoft, and several other large companies had servers confiscated that were found to be part of the malware during the investigators botnet seizure. The Federal Bureau of Investigation (FBI) are alleged to have identified the controller of the GameOver Zeus operation naming the individual as, Evgeniy Mikhailovich Bogachev.
“This big, and very successful, operation has been an important test of the EU Member States’ ability to act fast, decisively and coordinated against a dangerous criminal network that has been stealing money and information from victims in the EU and all over the globe. Over many days and nights cyber police from several EU countries in EC3 operation rooms maximized the impact of this joint investigation. We get better and better after each such operation, and many more will undoubtedly follow,” said Troels Oerting, head of the European Cybercrime Centre (EC3).
The United States government utilized servers that were found to be involved in the GameOver Zeus botnet, redirecting all traffic from infected machines to servers the government operates. Such tactics are common in botnet seizures but not always effected as P2P botnets prowl the web and don’t rely on one server or centralized area.
Monday, the United States Computer Emergency Readiness Team (US-CERT) issued a warning regarding the Gameover Zeus malware, telling users to be wary of the attack
“GOZ, which is often propagated through spam and phishing messages, is primarily used by cybercriminals to harvest banking information, such as login credentials, from a victim’s computer. Infected systems can also be used to engage in other malicious activities, such as sending spam or participating in distributed denial-of-service (DDoS) attacks,” the warning reads.
This is not the first time researchers or government agencies have targeted the Zeus botnet. Back in 2012, Microsoft shut down servers found to be used as C&C points for Zeus, but because GameOver Zeus was built in a peer-to-peer architecture, the operation was unsuccessful.
“This operation disrupted a global botnet that had stolen millions from businesses and consumers as well as a complex ransomware scheme that secretly encrypted hard drives and then demanded payments for giving users access to their own files and data,” Deputy Attorney General James Cole said in a statement. “We succeeded in disabling GameOver Zeus and Cryptolocker only because we blended innovative legal and technical tactics with traditional law enforcement tools and developed strong working relationships with private industry experts and law enforcement counterparts in more than 10 countries around the world.”
The Department of Justice has charged Bogachev, the alleged GameOver Zeus with bank fraud, computer hacking, conspiracy, and money laundering with GameOver alone. United States and European agencies, including the FBI and Europol, are working to find the alleged 30-year-old, Evgeniy Mikhailovich Bogachev.
Bogachev is also begin help responsible for operating the CryptoLocker infrastructure, an extremely profitable ransomware. CryptoLocker was a massive operation that locked victims computers and held the system ransom for money. The infrastructure got so big that just last month the operation moved to target Android devices, holding the phone ransom for money.
As the GamOver Zeus operation is still under investigation, freedomhacker.net will keep your updated.
