Nettitude Blog

Responding To The Gameover ZeuS Botnet

Posted by Iain Wallace on Jun 3, 2014 5:13:56 PM

You will no doubt have seen the news by now that an international operation by law enforcement and security firms has gained control of one of the world’s largest botnets, but what are the implications for businesses and computer users?

What is a Botnet?

A botnet is a large collection of computers that have been taken over using malware. Once incorporated into a botnet, these “bots” can work together in order to carry out further malicious attacks against businesses and individuals. The organisers of these networks often hire out sections of their botnet to other malicious users or use the combined resources to launch extortion attacks against businesses.

Gameover ZeuS

Gameover ZeuS is a botnet based on the widely available “ZeuS” botnet. Like mainstream software, ZeuS was available within hacker networks for anyone willing to pay for it. Gameover ZeuS differs in this regard as it was controlled by a relatively small group of hackers from Ukraine and Russia. What also made Gameover difficult to target before now was its use of a peer-to-peer command and control (C&C) network, as opposed to a centralised command server. In architecting their network in this way, the Gameover ZeuS organisers removed the risk of the operation being shut down by attacks on their C&C servers.

CryptoLocker

One of the major uses of Gameover ZeuS was to infect a computer with the CryptoLocker malware. CryptoLocker is a type of “ransomware” trojan which, when run, searches for important-looking files on the victim’s computer and strongly encrypts them. The victim is then prompted for payment in order to receive the key to decrypt their files.

Down but Not Game Over

The upshot of this targeted takedown of Gameover ZeuS, as theorised by the National Crime Association, is likely to be about two weeks of respite from Gameover ZeuS attacks before the botnet is able to recover.

How to Protect Yourself

  1. Never open attachments from emails that you aren’t expecting, even if the email appears to come from someone you know. Hackers can spoof emails to appear to come from your friends or work colleagues.
  2. Ensure your antivirus solution is up to date. This can help catch some attacks; however, it should never be assumed that you are safe simply because you have an antivirus solution installed.
  3. Ensure your computer’s operating system is up to date. If you are using Windows, ensure that your computer is receiving updates through “Windows Update”. Note that Windows XP is no longer supported by Microsoft.
  4. Ensure your other software, such as the Firefox, Chrome or Safari web browsers, is also up to date.
  5. In a worst-case scenario, CryptoLocker will result in your files no longer being accessible. Create regular backups to disk drives or services that you are not permanently connected to. Files on external drives will also be affected by CryptoLocker if the drive is connected at the time your computer is infected.

Further Reading

  1. https://www.us-cert.gov/ncas/alerts/TA14-150A
  2. http://krebsonsecurity.com/2014/06/operation-tovar-targets-gameover-zeus-botnet-cryptolocker-scourge/

 

To contact Nettitude’s editor, please email media@nettitude.com.
