The U.S. DoJ in collaboration with FBI and foreign law enforcement agencies revealed early this week a joint effort to disrupt Gameover Zeus, one of the most long-lived and dangerous botnet composed by a number of compromised computers ranging from 500,000 to 1 million units.
“Gameover could be considered the most advanced variant of Zeus, and unlike other variants such as the Citadel and IceX Trojans, it is not for resale. The botnet can be used to facilitate financial fraud on a large scale by hijacking thousands of victims’ online banking sessions. The group behind Gameover Zeus uses it to perform these fraudulent activities in real time. Gameover Zeus is typically distributed through an email which poses as an invoice. Once an infected user visits their banking website through a compromised computer, Gameover intercepts their online session using a technique commonly known as man-in-the-browser (MITB). It can bypass two factor authentication and display fraudulent banking security messages to the user to obtain information for transaction authorization.” reports Symantec in a blog post published on its website”
The FBI estimates that Gameover Zeus is responsible for more than US$100 million in losses. A grand jury in Pittsburgh has unsealed a 14-count indictment against the Russian citizen Evgeniy Mikhailovich Bogachev charging him with conspiracy, wire fraud, computer hacking, bank fraud and money laundering in connection with his alleged role as an administrator of Gameover Zeus.
Bogachev was also charged in another state for similar reason, this time the malware used is Jabber Zeus, a prior variant of Zeus. Bogachev is considered by US authorities as the alleged leader of a cyber criminal gang based in Russia and Ukraine responsible for the development and operation of both the Gameover Zeus and Cryptolocker schemes.
“Gameover Zeus is the most sophisticated botnet the FBI and our allies have ever attempted to disrupt,” “The efforts announced today are a direct result of the effective relationships we have with our partners in the private sector, international law enforcement, and within the U.S. government.” stated the FBI Executive Assistant Director Robert Anderson Jr.
Authorities say that criminals used same malicious infrastructure to distribute the CryptoLocker ransomware, they have discovered a complex organization specialized in cyber fraud.
The U.S. Department of Homeland Security’s Computer Emergency Readiness Team (US-CERT) has issued an alert to provide information on the cyber threat, it also includes detailed information for victims to remediate Gameover Zeus infection.
U.S. law enforcement agencies have obtained civil and criminal court orders in Pittsburgh authorizing them to sinkhole Gameover Zeus traffic, with this technique the security experts can profile the botnet, evaluate its extension and interrupt communication between compromised machines and the C&C servers.
There is great satisfaction for an operation that has demonstrated the effectiveness of joint action of the major law enforcement agencies:
“This big, and very successful, operation has been an important test of the EU Member States’ ability to act fast, decisively and coordinated against a dangerous criminal network that has been stealing money and information from victims in the EU and all over the globe. Over many days and nights cyber police from several EU countries in EC3 operation rooms maximized the impact of this joint investigation. We get better and better after each such operation, and many more will undoubtedly follow,” said Troels Oerting, head of the EC3.
If you suspect to be infected, Symantec has released a new tool to allow removal of Gameover Zeus infection from the victim’s machine, data provided by the security company confirms that US and Italy are the counties most affected by the botnet.
(Security Affairs – Gameover Zeus, cybercrime)