Zeus Botnet; Officials Urge: Protect Your PC Now

The Federal Bureau of Investigation (FBI) has disrupted a major malware botnet specifically designed to steal personal financial data from computers. Both US and UK security agencies are warning all users that they have a two week grace period to shore up their defenses before cybercriminals reactivate the threat.

A botnet is essentially an army of malware-infected computers under the control of cybercriminals. In this case, the botnet is known as the GameOver Zeus. When a computer becomes infected with malware, it can also become part of a botnet. Malware infection is usually the result of clicking on bogus web links, visiting a malicious website, or by opening infected email attachments.

As is common, infected computers are used by the criminals to spread the infection further (usually by spam emails), or to flood websites with bogus traffic in order to overwhelm a server (and thus, bring down the site). However, GameOver Zeus is also specially configured to hunt out any financial data such as account or credit card numbers on infected computers.

Botnet Design Makes It Particularly Resilient

The botnet is worse than the common set-up where a central computer or computers, operated by the criminals, issues commands and receives data from the infected machines (this is also known as a 'command and control' type of attack).

Instead, GameOver Zeus uses a peer-to-peer system, similar to that used by many file sharing services. It means that updates, commands and data are spread from infected machine to infected machine, rather than taking a direct route from a central command computer. That in turn makes it much harder for law enforcement officials to bring down the botnet by taking down any central machine(s) used in the attacks.

GameOver Zeus Mastermind Allegedly Named

The FBI and Department of Justice have worked together to identify the alleged mastermind of GameOver Zeus, Evgeniy Bogahev. He's been charged with several offenses, though he is not in custody and is believed to be in Russia. (Source: bbc.co.uk)

A worldwide operation bringing together numerous national law enforcement groups has temporarily disrupted GameOver Zeus by seizing some of the computers that were issuing commands. However, the botnet's design means it's relatively easy for the perpetrators to simply regain control using a new set of computers.

How to Protect Yourself Before GameOver Zeus Reactivates

The British National Crime Agency has predicted it could be as little as a couple of weeks before attacks resume, and have therefore urged computer users to take the opportunity to review their security set-up.

Advice includes making sure all Internet security software is up to date and has run a full system scan; making sure both Windows itself and individual applications have all updates applied; and making sure no passwords are stored on the computer itself. (Source: getsafeonline.org)

Computers running Windows XP are especially prone to infection, since Microsoft is no longer providing security updates for the operating system to the general public. Instead, users are urged to upgrade their operating systems.

Several manufacturers of leading security software packages have issued standalone tools that can scan for GameOver Zeus. As with any software, you should only use such tools if they come direct from a reputable company with which you are familiar.

What's Your Opinion?

What do you think of the GameOver Zeus botnet? Have you received any alerts from your software security provider or Internet Service Provider (ISP) about GameOver Zeus? Will you change your security habits as a result? Do you think security experts should have raised the alarm earlier?