Security Corner

Jun 3 2014   2:44PM GMT

You can help in the Gameover Zeus & Cryptolocker takedown

Ken Harthun Ken Harthun Profile: Ken Harthun


Your help is needed in a massive law enforcement effort to take down the Gameover Zeus (GOZ) and Cryptolocker botnets. The Department of Justice (DoJ) has announced a massive international legal and technical assault against these two infrastructures. To give you an idea of the scope of this action, here is an official list of the other cooperating agencies:

The Australian Federal Police; the National Police of the Netherlands National High Tech Crime Unit; European Cybercrime Centre (EC3); Germany’s Bundeskriminalamt; France’s Police Judiciare; Italy’s Polizia Postale e delle Comunicazioni; Japan’s National Police Agency; Luxembourg’s Police Grand Ducale; New Zealand Police; the Royal Canadian Mounted Police; Ukraine’s Ministry of Internal Affairs – Division for Combating Cyber Crime; and the United Kingdom’s National Crime Agency participated in the operation. The Defense Criminal Investigative Service of the U.S. Department of Defense also participated in the investigation.

You can read all about what they have done here. Here’s an excerpt:

Here is what we did: first, on May 7, in coordination with the FBI, Ukrainian authorities seized and copied key Gameover Zeus command servers in Kiev and Donetsk.

. . .

At the same time, our foreign law enforcement partners seized critical computer servers used to operate Cryptolocker, which resulted in Cryptolocker being unable to encrypt victim files.

. . .

Beginning in the early morning hours on Friday and continuing through the weekend, the FBI and foreign law enforcement then began the coordinated seizure of computer servers around the world that had been the backbone of Gameover Zeus and Cryptolocker.   These seizures took place in Canada, France, Germany, Luxembourg, the Netherlands, Ukraine and the United Kingdom.

. . .

I am pleased to report that our actions have caused a major disruption of the Gameover Zeus botnet.   Over the weekend, more than 300,000 victim computers have been freed from the botnet – and we expect that number to increase as computers are powered on and connected to the internet this week.

A huge blow, to be sure, but that’s not the whole story. Hundreds of thousands of computers are still infected and it’s possible that the bad guys could re-establish communications by setting up new servers. Keep in mind, these guys are geniuses, albeit acting evilly at the moment, so don’t assume they are down for the count.

“But I’m just a single person,” you say. “How can I possibly contribute to such a massive effort?”

Simple, follow the advice of Sophos:

The next stage – the part of the operation that is the duty of all of us – is to dismantle the rest of the botnet, by progressively disinfecting all the zombie-infected computers that made the Gameover and Cryptolocker “business empires” possible in the first place.

US-CERT has come up with a whole list of free tools so you can do just that, and (if you are the go-to person for IT problems amongst your friends and family) so that you can help others, too.

I’m delighted to say that the Sophos Virus Removal Tool is amongst the recommended cleanup utilties.

Scan every computer you touch that you suspect might have malware of some kind. Let’s break this thing completely.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: