GameOver and Cryptolocker Busted
Two of the biggest, most sophisticated, and most profitable scams on the Internet were neutralized at the end of May. The FBI, working with counterparts in seven countries, has (at least temporarily) shut down the GameOver financial fraud botnet and the CryptoLocker ransomware operation. In light of this, there are TWO IMPORTANT STEPS I'm asking you to take...
Score Two Points for the Good Guys
Malware known as GameOver Zeus (GOZ) had been growing steadily for years, adding hapless computers to its Borg-like collective by infecting them with sneaky multi-function malware. Its captives numbered between 500,000 and a million, according to the court affidavit of FBI Special Agent Elliott Peterson. The malware on each enslaved computer allowed it to be used to send spam and participate in denial of service attacks, but its primary mission was “credential theft.”
The malware monitored the computer user’s keystrokes and mouse activity, the apps used, and Web sites visited. When the user logged on to a finance-related Web site, the malware captured usernames and passwords, transmitting them to its masters in Russia. The crooks would use the credentials to steal money in several ways.
GOZ targeted mainly businesses with large payrolls, such as hospitals, whose direct-deposit payroll transactions could be redirected to “money mules,” people recruited to launder money for the GOZ masters. Direct wire transfers to international bank accounts were also common; the largest single transfer was $6.9 million!
CryptoLocker is classic ransomware: malware that encrypts a victim’s files with a key only the crooks hold, then bluntly demands payment of several hundred dollars for the key that restores access to them. Its victims numbered in the tens of thousands. See my article on CryptoLocker and Ransomware.
The FBI investigated GOZ for over two years, sorting out its scope, functionality, and the specific criminal activities on which indictments and petitions for restraining orders could be based. Finally, authorities were able to obtain court permission to shut down the domains on which the GOZ servers were hosted, effectively halting the crime spree, at least for now.
It turns out GameOver and Cryptolocker are connected to the same Russian cybercrook. One man has been identified and indicted: Evgeniy Mikhailovich Bogachev of the Black Sea town of Anapa, Russia. Four accomplices are named in the 14-count indictment only under their online aliases. The U. S. seeks to extradite Bogachev, but it is unlikely that Russia will hand him over. The Russian government has consistently refused to allow its citizens to be tried in foreign courts. Whether "Bogey" will face justice in a Russian court remains to be seen.
Internet users should applaud the collaboration of law enforcement organizations from around the world that helped to bring down this highly sophisticated cybercriminal. But here's the rub… the GameOver and CryptoLocker crime networks are crippled, but not destroyed. The command and control infrastructure has been seized, but experts predict that it can and will be reconstituted over the next two weeks.
What You Need to Do... NOW!
This gives users a brief window in which to do two very important things. Without their command and control servers, GameOver and CryptoLocker lie dormant on infected computers. During this window of time, it's essential to clean up as many infected computers as possible. Every machine cleaned further weakens the peer-to-peer network that allows this malware to operate and spread.
I urge you to take the two steps listed below, and encourage all your friends, relatives and contacts to do the same:
First, use an anti-malware scanner to look for and remove any GOZ, CryptoLocker or other malware. See my article HOWTO: Deep Scan for Malware and choose one or more of the tools listed there. I suggest using MalwareBytes Anti-Malware and/or Microsoft System Sweeper, because they are on-demand scanners that will not interfere with your existing anti-virus protection.
Second, make sure your operating system and all third-party software is up to date. My article Computer Security: The Missing Link lists several tools to help you get that job done.
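For readers comfortable with a command prompt, here is an added PowerShell example (my own illustration, not a tool from the article or from any of the products it names) that carries out both steps in one pass: it lists the most recently installed Windows hotfixes, asks the Windows Update agent what is still missing, and then updates signatures and starts a full on-demand scan with the Microsoft engine already on the machine (Microsoft Security Essentials on Windows 7, Windows Defender on Windows 8). It assumes Windows Vista or later with PowerShell, an administrative console, and the default install paths shown in the comments; the "ten most recent hotfixes" cutoff is an arbitrary choice for the report, not a security threshold.

```powershell
# Added example, not from the original article. Run from an elevated PowerShell prompt.
# Assumptions: Windows Vista or later, the Windows Update agent is enabled, and the
# Microsoft engine lives at one of the two default paths checked below.

# Step 2a: what has been patched lately? A machine with no recent hotfixes needs attention.
Write-Host "Most recently installed hotfixes:"
Get-HotFix |
    Sort-Object -Property InstalledOn -Descending |
    Select-Object -First 10 -Property HotFixID, InstalledOn |
    Format-Table -AutoSize

# Step 2b: ask the Windows Update agent directly which software updates are still missing.
# (Third-party programs such as Java, Flash and Adobe Reader are NOT covered by this query;
#  use the tools from "Computer Security: The Missing Link" for those.)
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$result   = $searcher.Search("IsInstalled=0 and Type='Software'")
Write-Host ("Pending Windows updates: {0}" -f $result.Updates.Count)
foreach ($update in $result.Updates) {
    Write-Host (" - " + $update.Title)
}

# Step 1: refresh signatures and run a full on-demand scan with the built-in Microsoft engine.
# This complements, but does not replace, the on-demand scanners recommended above.
$mpcmd = Join-Path $env:ProgramFiles "Microsoft Security Client\MpCmdRun.exe"   # MSE (Windows 7)
if (-not (Test-Path $mpcmd)) {
    $mpcmd = Join-Path $env:ProgramFiles "Windows Defender\MpCmdRun.exe"        # Windows 8 and later
}
if (Test-Path $mpcmd) {
    & $mpcmd -SignatureUpdate
    & $mpcmd -Scan -ScanType 2     # ScanType 2 = full scan (1 = quick scan)
} else {
    Write-Warning "MpCmdRun.exe not found; run your on-demand scanner manually."
}
```

A full scan can take an hour or more; if you only have a few minutes, change `-ScanType 2` to `-ScanType 1` for a quick scan and run the full one overnight. The pending-updates count should be zero before you consider the machine patched.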
You can forward this article via email, Facebook or Twitter using the green ShareThis button at the top of the page, or by pasting the article link into an email or social media posting. When you do, encourage your friends to take these two important steps to secure their computers, and help to take down a nasty cybercrime network.
Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 5 Jun 2014
Copyright © 2005 - Bob Rankin - All Rights Reserved