Zeus Banking Trojan Author Wanted

    Yesterday, it became known that US law enforcement and the Department of Justice announced a special operation to disable the Zeus Gameover botnet. This latest modification of Zeus, a universal malicious banking tool, uses the P2P peer structure to organize its botnet. The modification appeared in-the-wild in mid-2011 was called Gameover. In the new version of the malware, the authors switched to using the DGA and P2P domain name generation system , which significantly complicates the disabling of such a botnet.

    Many antivirus and security companies have already written about Zeus Gameover's activity, the financial damage to users from the actions of fraudsters is huge and can amount to tens and hundreds of millions of dollars. According to the FBI, only with the help of Gameover modification, the attackers managed to steal more than $ 100 million. According to KrebsOnSecurity , a portal that closely interacts with law enforcement agencies, the FBI, Europol, and various security companies participated in the Tovar operation to destroy the botnet’s activities. : CrowdStrike, Dell, Symantec, Trend Micro, and McAfee.

    Losses attributable to GameOver Zeus are estimated to be more than $ 100 million.

    In addition to the operation to disable the botnet, law enforcement agencies put on the wanted list the alleged author of the original malware Zeus, which has long been widely known under the pseudonym Slavik . It turned out to be a native of the Russian Federation. Documents related to the civil lawsuit were posted on the official website .

    As noted in the FBI release mentioned above, research has shown that computers that are infected with Zeus Gameover often find another dangerous malware known as Cryptolocker. He gained fame as the most dangerous ransomware ransomware, because he encrypts user files and uses a distributed architecture to get the decryption key (the key can only be obtained from the attackers themselves). For obtaining the key and decrypting the files, the attackers extorted money from the user. Operation Tovar was also aimed at destroying the structure of Cryptolocker.

    Also popular now: