FBI, European Authorities Go After Gameover ZEUS BOTNET


Reefa

Law enforcement agencies in Europe and the United States, including Europol and the FBI, ran a coordinated takedown of the GameOver Zeus botnet on Friday, seizing servers and disrupting the botnet’s operation. Authorities say that the same botnet has been used to distribute the CryptoLocker ransomware and they’re now looking for a 30-year-old Russian who they say is connected to the operation of the botnet.

GameOver is a separate strain of malware from the more well-known Zeus Trojan and the botnet built using GameOver has proven to be a hard target for researchers and law enforcement. The GameOver Zeus botnet uses a P2P architecture, which makes it difficult to disrupt because of the decentralized command-and-control infrastructure. Many malware authors and botnet operators have shifted to this architecture in the last few years because of the advantages it offers in resisting takedowns and removal attempts.

GameOver Zeus is used as part of a wire fraud scheme that involves stealing financial credentials from infected users’ computers and then sending money from the victims’ accounts to those controlled by the attackers. GameOver often is distributed to victims through other botnets, specifically the Cutwail botnet.

On May 30, authorities working out of the European Cybercrime Center (EC3) worked with a number of security companies and researchers to take down the botnet and seize the servers that were part of the botnet. The Shadowserver Foundation, Abuse.ch, CrowdStrike, Microsoft and several other companies were part of the takedown.

“This big, and very successful, operation has been an important test of the EU Member States’ ability to act fast, decisively and coordinated against a dangerous criminal network that has been stealing money and information from victims in the EU and all over the globe. Over many days and nights cyber police from several EU countries in EC3 operation rooms maximized the impact of this joint investigation. We get better and better after each such operation, and many more will undoubtedly follow,” said Troels Oerting, head of the EC3.

On Monday, the US-CERT issued a technical warning about Zeus GameOver, telling users to be wary of the malware.

“GOZ, which is often propagated through spam and phishing messages, is primarily used by cybercriminals to harvest banking information, such as login credentials, from a victim’s computer. Infected systems can also be used to engage in other malicious activities, such as sending spam or participating in distributed denial-of-service (DDoS) attacks,” the warning says.

This is not the first time that researchers and authorities have gone after a Zeus botnet. In 2012, Microsoft took down some servers used as C&C points for Zeus, but because GameOver Zeus uses a P2P architecture, the operation didn’t put a dent in that malware operation.

The FBI hasn’t released any statements about the operation against GameOver Zeus yet.
