As part of a Department of Justice (DOJ) led effort, the Department of Homeland Security (DHS) is playing a major role in curbing the spread of the Gameover Zeus botnet. This effort has been a great example of interagency collaboration and the partnerships between governments around the world and the private sector.
Gameover Zeus is an extremely sophisticated piece of malware designed to steal banking information and other credentials from the computers it infects; it captures banking credentials from infected computers and then uses those credentials to initiate or re-direct wire transfers to overseas accounts controlled by cyber criminals.
Researchers estimate that between 500,000 and one million computers worldwide are infected with Gameover Zeus, and that approximately 25 percent of the infected computers are located in the United States. Known losses attributable to Gameover Zeus approach $100 million – and it has been used in attempts to steal in excess of $325 million.
The alleged administrator of Gameover Zeus is also alleged to be the administrator of Cryptolocker. Cryptolocker is a form of “ransomware” that locks users out of their computers until they pay a ransom.
To combat this malware, the United States and other governments have worked with the private sector to take a number of steps. Today, DOJ is filing criminal charges against the alleged administrator and working to identify affected computers and criminal operators.
Concurrently, DHS is disseminating information of affected computers to Computer Emergency Readiness Teams (CERTs) around the world. As part of this coordinated effort, the DHS’s U.S. Computer Emergency Readiness Team (US-CERT) is coordinating with our partners at the FBI to notify those affected by the malware and provide them with technical assistance in removing the Gameover Zeus and Cryptolocker malware from their computers. The DHS National Cybersecurity and Communications Integration Center (NCCIC), which houses the US-CERT, plays a key role in triaging and collaboratively responding to the threat by providing technical assistance to information system operators, disseminating timely mitigation strategies to known victims, and sharing actionable information to the broader community to help prevent further infections.
Since this is still an ongoing investigation, there is still plenty of work to do, but we are pleased to see how effective our collaborations with cybersecurity partners across government, the private sector and internationally can be.
To protect against the Gameover Zeus malware, US-CERT recommends that users run and maintain anti-virus software and keep their operating system software up-to-date. To learn more about malware like Gameover Zeus and Cryptolocker and mitigate their impacts, visit www.us-cert.gov/gameoverzeus. If you are concerned that you may be affected by Gameover Zeus or Cryptolocker, US-CERT recommends reporting the incident to the FBI Internet Crime Complaint Center.