Today, federal officials announced new charges against the GameOver Zeus botnet, together with coordinated seizures that appear to have stopped the network cold. GameOver Zeus infected as many as a million Windows computers, harvesting user credentials and executing fraudulent wire transfers. Today's federal complaint named Russia's Evgeniy Mikhailovich Bogachev as mastermind of the network, tracked down with the help of law enforcement agencies across eleven countries.
"Gameover Zeus is the most sophisticated botnet the FBI and our allies have ever attempted to disrupt," the FBI's Robert Anderson Jr. said in a statement. "The efforts announced today are a direct result of the effective relationships we have with our partners in the private sector, international law enforcement, and within the US government."
GameOver Zeus would use sophisticated attacks to harvest confidential information once computers were infected. Where a banking site might normally ask for a username and password, the malware could add extra fields for social security number and credit card information, inserted seamlessly into the page's layout. Once the attackers had enough data, they would strike with an unauthorized wire transfer. The federal complaint names four such attacks, ranging from $190,000 stolen from an assisted living facility, all the way up to $7 million stolen from a regional bank in northern Florida. According to the Justice Department, the damage inflicted by GameOver totals more than $100 million.
The botnet also raised money through Cryptolocker, an attack that would encrypt a computer's hard drive, demanding a ransom to unlock the data. For those who didn't pay, data-recovery costs reached as high as $80,000. Researchers say the botnet has been operational since October of 2011, but used a complex P2P mechanism to cover its tracks, making it difficult to track down before now. Strong encryption also disguised the location of the master servers. "These schemes were highly sophisticated and immensely lucrative," said US assistant attorney general Leslie Caldwell in a statement to the press. "The cyber criminals did not make them easy to reach or disrupt."