Malicious Software Networks Shut Down By US-Led Investigation
June 2, 2014

Peter Suciu for - Your Universe Online

On Monday the United States Department of Justice (DOJ) announced that it had led a multinational action against the "Gameover Zeus" botnet and the "Cryptolocker" ransomware. These malware programs made up a global network of infected computers that cyber criminals used to steal millions of dollars from businesses and consumers.

The DOJ unsealed criminal charges in Pittsburgh, Pennsylvania and Omaha, Nebraska against an administrator of the botnet, whilst in a separate action US and international law enforcement officials seized computer servers central to the malware known as Cryptolocker.

"This operation disrupted a global botnet that had stolen millions from businesses and consumers as well as a complex ransomware scheme that secretly encrypted hard drives and then demanded payments for giving users access to their own files and data," said Deputy Attorney General Cole in a statement. "We succeeded in disabling Gameover Zeus and Cryptolocker only because we blended innovative legal and technical tactics with traditional law enforcement tools and developed strong working relationships with private industry experts and law enforcement counterparts in more than 10 countries around the world."

The Gameover Zeus botnet relied on sophisticated attacks that could harvest confidential information once the legitimate owners' computers were infected. This included asking for information that legitimate sites might not ask for – such as social security number and credit card information.

ZDNet reported that Gameover Zeus operates via a decentralized peer-to-peer network and was able to take over Windows PCs running Windows 95, 98, Me, 2000, XP, Vista, Windows 7 and 8, and even Windows Server 2003, 2008, 2008 R2 and 2012. Infections occur via phishing attacks or other emails, and likely via traditional social media services as well, that lure a user into clicking a link to a site that installs the malware.

"These schemes were highly sophisticated and immensely lucrative, and the cyber criminals did not make them easy to reach or disrupt," said Assistant Attorney General Caldwell, via a statement. "But under the leadership of the Justice Department, U.S. law enforcement, foreign partners in more than 10 different countries and numerous private sector partners joined together to disrupt both these schemes. Through these court-authorized operations, we have started to repair the damage the cyber criminals have caused over the past few years, we are helping victims regain control of their own computers, and we are protecting future potential victims from attack."

Britain's National Crime Agency (NCA) estimated that more than 15,500 computers in the UK could be infected with the botnet.

Security researchers have also estimated that as of April of this year Cryptolocker had infected more than 234,000 computers, with half of those being located in the United States. According to one estimate, more than $27 million in ransom payments were made in just the first two months since this malware appeared.

While those are ominous numbers, security researchers noted that the efforts to combat it have been impressive as well.

"The scale of this operation is unprecedented," Steve Rawlinson from Tagadab, a web hosting company involved in the take-down effort, told the BBC on Monday. "This is the first time we've seen a co-ordinated, international approach of this magnitude, demonstrating how seriously the FBI takes this current threat."

The DOJ unsealed a 14-count indictment against Evgeniy Mikhailovich Bogachev, 30, of Anapa, Russia, who is believed to be the leader of what the DOJ called a "tightly knit gang of cyber criminals based in Russia and Ukraine." The group is believed to be responsible for the development and operation of Gameover Zeus and Cryptolocker.

Gameover Zeus has reportedly been a common distribution mechanism for Cryptolocker.

In addition to American authorities, law enforcement agencies from the Australian Federal Police; the National Police of the Netherlands National High Tech Crime Unit; the European Cybercrime Centre (EC3); Germany’s Bundeskriminalamt; France’s Police Judiciaire; Italy’s Polizia Postale e delle Comunicazioni; Japan’s National Police Agency; Luxembourg’s Police Grand Ducale; New Zealand Police; the Royal Canadian Mounted Police; Ukraine’s Ministry of Internal Affairs – Division for Combating Cyber Crime; and the United Kingdom’s National Crime Agency participated in the operation. The DOJ also confirmed that the Defense Criminal Investigative Service of the US Department of Defense participated in the investigation.