HOME     MENU     SEARCH     NEWSLETTER    
NEWS & INFORMATION FOR TECHNOLOGY PURCHASERS. UPDATED 5 MINUTES AGO.
You are here: Home / Computing / Game Over for Lucrative Zeus Botnet
Build Apps 5x Faster
For Half the Cost Enterprise Cloud Computing
On Force.com
Game Over for Lucrative Zeus Botnet
Game Over for Lucrative Zeus Botnet
By Jennifer LeClaire / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
JUNE
02
2014
The U.S. Department of Justice on Monday made public a multi-national effort to disrupt the GameOver Zeus botnet, a global network of infected victim computers cybercriminals were using to steal millions of dollars from businesses and consumers. Microsoft was in the thick of the fix.

GameOver Zeus, a variant of the Zeus (or Zbot) family of malware, is a highly prevalent password-stealing trojan, according to research by the Microsoft Security Intelligence Report. What’s more, the Dell SecureWorks Counter Threat Unit reports that it was the most active banking trojan of 2013.

In a separate action, U.S. and foreign law enforcement officials worked together to seize computer servers central to the malware known as Cryptolocker, a form of ransomware that encrypts the files on victims’ computers until they pay ransom.

“GameOver Zeus is the most sophisticated botnet the FBI and our allies have ever attempted to disrupt,” said FBI Executive Assistant Director Robert Anderson. “The efforts announced today are a direct result of the effective relationships we have with our partners in the private sector, international law enforcement, and within the U.S. government.”

Microsoft Helps Takedown

The impact GameOver Zeus is not limited to the financial industry, however. Nearly all major businesses and public sector organizations are impacted. Security researchers estimate that between 500,000 and 1 million computers worldwide are infected. All told, the FBI estimates that GameOver Zeus is responsible for more than $100 million in losses.

“Microsoft’s role in this technical action was to conduct analysis on the P2P network and develop a cleaning solution,” Microsoft said in a blog post. “Also, through an additional feed from Shadow Server, we are able to augment our visibility into the number of impacted IP addresses that feed into Microsoft’s Cyber-Threat Intelligence Program (C-TIP), and work closely with global Community Emergency Response Teams (CERTs) and Internet service providers (ISPs) to help owners of compromised computers regain control of their systems.”

Based upon those actions, Microsoft expects to disrupt the cybercriminals’ business model, which would force them to rebuild their criminal infrastructure. This is the second botnet operation Microsoft has launched since it unveiled its C-TIP program last November. The company also participated in the ZeroAccess botnet case.

Regaining a Foothold

We caught up with Dwayne Melancon, chief technology officer at IT security software firm TripWire, to get his take on the takedown. He told us it’s an opportunity to make progress against a huge Internet threat.

“Taking out the command-and-control servers of a botnet is a monumental task, but this effort will make a significant difference and at least allow us to regain a foothold,” Melancon said. “Of course, the success of this effort still requires people to patch their operating systems and applications very quickly.”

That, he said, is because botnets are extremely resilient. He expects to see another command-and-control infrastructure spring up in short order.

“If users and enterprises don't reduce their attack surface by closing the security holes, the situation won't get better,” Melancon said. “They'll just be compromised by the next iteration of the botnet.”

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY INTEREST YOU
Neustar, Inc. (NYSE: NSR) is a trusted, neutral provider of real-time information and analysis to the Internet, telecommunications, information services, financial services, retail, media and advertising sectors. Neustar applies its advanced, secure technologies in location, identification, and evaluation to help its customers promote and protect their businesses. More information is available at www.neustar.biz.
MORE IN COMPUTING
Product Information and Resources for Technology You Can Use To Boost Your Business
© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.