The US Department of Justice and the FBI, alongside law enforcement officials in Australia, Canada, France, Germany, Italy, Japan, Luxembourg, New Zealand, and Ukraine, have announced that the "Gameover Zeus" botnet, responsible for the wide distribution of the Cryptolocker ransomware package, has been at least partially disabled. US officials have seized the botnet's command servers in Ukraine and other nations, handing control to law enforcement and freeing 300,000 from the botnet, possibly only temporarily.
Gameover Zeus is a newer version of the original Windows-based Zeus trojan horse. The malware package is often used to steal banking information by logging keystrokes and intercepting completed web forms. Zeus and its derivatives are spread mainly through phishing schemes.
The original was identified in July 2007, when it was used to steal information from the United States Department of Transportation. In June 2009, security company Prevx discovered that Zeus had compromised over 74,000 FTP accounts on the websites of companies such as Bank of America, NASA, Monster.com, ABC, Oracle, Play.com, Cisco, Amazon, and BusinessWeek.
"This operation disrupted a global botnet that had stolen millions from businesses and consumers as well as a complex ransomware scheme that secretly encrypted hard drives and then demanded payments for giving users access to their own files and data," said Deputy Attorney General James M. Cole. "We succeeded in disabling Gameover Zeus and Cryptolocker only because we blended innovative legal and technical tactics with traditional law enforcement tools, and developed strong working relationships with private industry experts and law enforcement counterparts in more than 10 countries around the world."
"Gameover Zeus is the most sophisticated botnet the FBI and our allies have ever attempted to disrupt," said FBI Executive Assistant Director Robert Anderson Jr. "The efforts announced today are a direct result of the effective relationships we have with our partners in the private sector, international law enforcement, and within the US government."
Zeus and Cryptolocker are alleged to have brought in over $100 million in pilfered funds and ransoms paid. Deputy Attorney General Cole says that the alleged mastermind of the botnet, Russian national Evgeniy Mikhaylovich Bogachev, is being sought, and that the US DoJ is in contact with Russia about the prime suspect: "we've been having discussions with them about moving forward and about trying to get custody of Mr. Bogachev."
The United Kingdom National Crime Agency believes that users may have as little as two weeks to purge devices of the infection. The US has made no such estimate but does note that "the resiliency of GOZ's P2P infrastructure makes takedown efforts more difficult." The US Computer Emergency Readiness Team has set up a resource to help users clean computers of the malware.