
FBI cracks $100m financial-crime botnet

GameOver Zeus malware claims 1m victims; UK users told they have two-week window to act

Up to a million machines globally may have been infected with GameOver Zeus.

British computer users have today been urged to take urgent action to protect their personal data against malware that has been blamed for the extortion of millions of dollars from victims worldwide.

The British National Crime Agency said users had a two-week window to act after the US FBI cracked a botnet that was spreading the GameOver Zeus malware kit, which had stolen personal and financial data worldwide.

According to The Independent, more than 15,000 machines in the UK are believed to have been infected by a cyber group based in Russia and the Ukraine. The FBI believes GameOver Zeus has been responsible for $100m in losses.

In addition to searching for personal credentials for the purpose of financial theft, the kit also drops the CryptoLocker ransomware program, which encrypts all files on a target's computer, including personal photographs, and charges £300 ($500) to unlock them.

Worldwide, the FBI estimates around 250,000 computers have been infected with CryptoLocker since April and extortion payments amount to $27m. Up to a million machines globally may have been infected with GameOver Zeus.

The FBI announced yesterday that it had identified the suspected co-ordinator of the cyber culprits as a Syrian-born Russian named Evgeniy Mikhailovich Bogachev. While still at large, Bogachev is now sought by authorities in the matter of 14 criminal charges relating to the administration of GameOver Zeus and CryptoLocker.



"Never before have we seen this scale of co-ordination between the NCA and the FBI to stop one cyber attack, and this is exciting for the industry, businesses and ultimately end users," said Jason Steer, director of technology strategy, FireEye.

"For end users, simple things like updating your browser, PDF reader, Office, Java and Shockwave to the latest and greatest will help reduce your risk to these online threats along with up-to-date anti-virus engines and signatures.

"Unfortunately, the people who are most at risk are small companies and people who don't have the resources readily available to combat this form of cyber attack. You can take some measures, like changing your password, but these kits are incredibly powerful and end users are going to sadly encounter [them continually]."

Steer advised businesses to review critical information and set up procedures for backing it up regularly. He also strongly advocated use of firewalls, 2-factor authentication and other techniques that will "slow down attackers and make them move on elsewhere".

"Cyber criminals are evolving and this is just the next wave of how they can monetise what they do," he warned. "We all need to know what is important to us and keep it safer and better protected."