Slashdot Mirror


Justice Dept. Names ZeuS Trojan Author, Seizes Control of P2P "Gameover" Botnet

tsu doh nimh (609154) writes "The U.S. Justice Department announced today an international law enforcement operation to seize control over the Gameover ZeuS botnet, a sprawling network of hacked Microsoft Windows computers that currently infects an estimated 500,000 to 1 million compromised systems globally. Experts say PCs infected with Gameover are being harvested for sensitive financial and personal data, and that the botnet is responsible for more than $100 million in losses from online banking account takeovers. The government alleges that Gameover also was rented out to an elite cadre of hackers for use in online extortion attacks, spam and other illicit moneymaking schemes. In a complaint unsealed today, the DOJ further alleges that ZeuS and Gameover are the brainchild of a Russian man named Evgeniy Mikhailovich Bogachev, a.k.a. 'Slavik.'"

24 of 76 comments

  1. Cutting a head off the Hydra by NoNonAlphaCharsHere · · Score: 3, Funny

    And where one compromised Windows machine falls, two more will arise to take its place.

    1. Re:Cutting a head off the Hydra by NoNonAlphaCharsHere · · Score: 1

      Yeah. "OS effortlessly compromised, yet again", gosh, I wonder which one it could be???

    2. Re:Cutting a head off the Hydra by Alphadecay27 · · Score: 2

      That sounds poetic and I understand it is a general (likely warranted) shot at windows but it's not really applicable. Cleaning an infected machine results in one less infected machine. The act of cleaning does not generate 2 more infected machines and in fact shrinks the botnet by some, albeit small degree. There is never a situation where cleaning a Windows machine is a bad option - which keeps a significant number of us employed/harassed by friends/relatives.

      If you can secure a machine (e.g. by beating the user until they swear they won't click on unknown links) you further reduce the likelihood of reinfection. I can't remember where I've seen it but I have heard there is some sort of method using a host file but I will not mention it to avoid being down-modded :)

    3. Re:Cutting a head off the Hydra by Ravaldy · · Score: 1

      Why would they target anybody other than Windows users? It accounts for 80% of the PC OS.

      The last 20% is shared between Unix, Linux and Apple. Apple is actually 11% of that last 20%.

  2. And what will *they* do with it? by gstoddart · · Score: 4, Interesting

    Because, you know, the NSA et al are doing just as much hacking as the black hats are.

    At which point, one must assume they'll continue to use this botnet for their own purposes, and not simply dismantle it.

    Why give up an established spy network?

    --
    Lost at C:>. Found at C.
  3. Re:ZEUS & its variants can't get to me by Anonymous Coward · · Score: 1

    Ah, the old "security through schizophrenia" argument.

  4. Government Control by grahamsz · · Score: 1

    Since the government has control of all those computers now, would it be ethical for them to go in and actually install the patches to stop them from easily becoming victims next time around?

    1. Re:Government Control by synapse7 · · Score: 2

      Pretty sure it is their duty to use these computers to gather information for national security.

    2. Re:Government Control by DigiShaman · · Score: 1

      Does the executable run by itself when a user clicks on the hyperlink from a phishing attempt in e-mail, or does it require the user to run it? If it's the latter, you can't fix stupid.

      --
      Life is not for the lazy.
  5. Government Control by TMYates · · Score: 1

    Just have to put this out there, but now that the government has taken control, how much do you want to bet the NSA will use this opportunity to spy? Even if they do not use Zeus long term, they could use it to install their own software on millions of PCs that are already infected.

  6. Re:ZEUS & its variants can't get to me by Anonymous Coward · · Score: 1

    You ought to get yourself one of those "Hackers hate this guy. <insert your nearest city name> mom foils Zeus trojan with this ONE SIMPLE TRICK!"

  7. Only Control For Short While by mrspoonsi · · Score: 3, Informative

    According to this article: http://www.bbc.co.uk/news/tech... the C&C servers will be replaced by new ones, so there is only a 2 week window until the network is back up and running.

    1. Re:Only Control For Short While by Anonymous Coward · · Score: 1

      Here's what I don't get about that. The way the article shows the structure of the Gameover botnet, it looks like the C&C servers are hard-coded in. The person who coded the botnet control program would have no reason to give away his source code. If they've already seized the C&C servers, and the only person who can change the code has been arrested, how could new C&C servers pop up so quickly, unless Gameover Zeus has already been forked?

    2. Re:Only Control For Short While by Yebyen · · Score: 2

      Presumably there's some concept of a CA / revocation list where infected nodes can find messages in a public channel or forum of some kind that tell where to reach the new C&C servers. I'm struggling with this as well, but it seems reasonable to assume from the quoted text that those machines are checking in regularly with the C&C servers, which the authorities now control, and they are checking in less frequently (every 2 weeks) with some other channel that is not controlled by the authorities, where The Highest Bidder with The Official Keys (not a part of the regular everyday C&C architecture) gets to put out new instructions that supersede the old.

      I have just made all of this up from my imagination without any research, I'm just thinking, "if I was the one who did it, that's how I'd do it".

      --
      Restating the obvious since nineteen aught five.
  8. Phew! by flightmaker · · Score: 1

    Maybe that's why I've had no more notices to appear in court the last couple of days.

    The magistrate was getting pissed off telling me to go away!

  9. Re:We've named the guy, now getting him? by jythie · · Score: 1

    Well, he was making money and was pro-freedom so he would probably be held up as a hero in the US too.

  10. Re:We've named the guy, now getting him? by Krojack · · Score: 1

    I was under the impression the NSA hired these people to make the botnets to harvest data. Once the NSA is done using it or is near exposure, they dump everything on the person they hired and place the blame there.

  11. Re:We've named the guy, now getting him? by PRMan · · Score: 2

    Yeah, cause he helped the American people by... oh, wait, he's just a straight-up villain...

    --
    Peter predicted that you would "deliberately forget" creation 2000 years ago...
  12. Re:We've named the guy, now getting him? by Opportunist · · Score: 2

    If you had told someone 25 years ago that criminals in Russia try to steal your ID for profit while in the USA the state tries to invade your privacy to ferret out dissidents...

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  13. Re:We've named the guy, now getting him? by gstoddart · · Score: 1

    If you had told someone 25 years ago that criminals in Russia try to steal your ID for profit while in the USA the state tries to invade your privacy to ferret out dissidents...

    You'd have been right. ;-)

    --
    Lost at C:>. Found at C.
  14. Re:We've named the guy, now getting him? by Opportunist · · Score: 1

    I'd probably have been asked whether I got that the wrong way 'round, rather.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  15. Re:We've named the guy, now getting him? by gstoddart · · Score: 1

    And yet, you'd still have been right. :-P

    --
    Lost at C:>. Found at C.
  16. Waste of time by dhammabum · · Score: 2

    Why aren't they going after terrorists? We all need to sacrifice to defeat terrorism, and if it means compromised systems and stripped bank accounts, well, that is the price we all have to pay.

    --
    I am not a robot. I am a unicorn.
    1. Re:Waste of time by Vitriol+Angst · · Score: 1

      Honestly, there are some counties in my state where I think we'd be better off with a few more muggers than a few more cops -- they certainly cost less than proving yourself innocent in a court.

      --
      >>"ad space available -- low rates!!!"