Massive Law Enforcement Operation Tells Two Malware Variants It’s ‘Game Over’


On Monday, the United States Department of Justice announced an international law enforcement effort to take out a massive botnet—a network of infected personal computers that work together to accomplish a task given by a hacker. This botnet was particularly nasty because it delivered two programs to victims: Gameover Zeus, a hidden program that siphoned passwords used to log onto banking websites, and Cryptolocker, a program notorious for rendering a victim’s computer inoperable until a ransom has been paid.

The effort, dubbed “Operation Tovar,” has so far been a success. That success is largely thanks to international law enforcement agencies and private organizations (including McAfee) operating in tandem both to impact the criminals’ communications infrastructure and to provide tools for consumers to remove the malware from infected systems.

But this nasty online threat won’t be offline forever. That is why it is imperative that you run the removal tool on your computer: do not ignore the problem or wait to fix an infected computer. The network of hackers responsible for the infections will try their best to regain control of the botnet.

Whether you receive a notification or not, it is imperative that you test whether your device is infected with the free McAfee Stinger tool.

So how did cybercriminals manage to infect so many computers in the first place? Well, the criminals infected computers through two methods—one focused on businesses, and one focused more on consumers:

First, with Gameover Zeus, cybercriminals took advantage of web browser weaknesses to compromise a victim’s computer. These attacks often stemmed from spear phishing, a type of well-targeted attack that tricks users into unknowingly infecting their systems with malware. Spear phishing attacks differ from regular phishing attacks in that they are much more targeted in nature (hence the name). With spear phishing, cybercriminals aim to infect a particular person or company rather than blindly casting out a wide net hoping to catch any victim they can. Once cybercriminals gained access to users’ machines through successful spear phishing attempts, they were able to steal passwords, banking information, and more.

Second, with Cryptolocker, cybercriminals used emails with attachments purporting to be a voicemail or shipping confirmation—a more classic phishing attack example. Cryptolocker was less focused on enterprise extortion, more focused on the individual consumer. This difference can be seen in the number of successfully infected computers and illegal gains illustrated below. Once cybercriminals installed Cryptolocker on a user’s machine, they were able to lock the user out of their own computer—demanding a ransom for access to personal files or threatening that they be encrypted and lost forever.

According to the Department of Justice, Gameover Zeus, which infected anywhere between 500,000 and 1 million computers, is responsible for an estimated $100 million in losses to U.S. businesses. Its nefarious companion, Cryptolocker, is allegedly responsible for infecting about 234,000 computers and creating $27 million in losses. These are serious pieces of malware, wreaking serious havoc.

And unfortunately, they may not be out of commission for long. The criminal network operating the botnet will be working overtime to regain control of their illegal property. And, in all likelihood, they will soon get it back.

So what can you do to protect yourself from these two nasty malware variants? Here are a few tips:

  • Watch where you browse. The Internet can be a dangerous place full of hidden threats. Browser-based exploits found on compromised websites can be used to inject malicious code that can record your keystrokes, passwords and other personal information like credit card data. The best way to prevent these exploits from taking advantage of you and your computer is to stay on safe websites (i.e. don’t click on any suspicious links found on social media or sent via email).
  • Keep an eye on your emails. Emails are quickly becoming the weapon of choice for hackers trying to trick users into infecting their computers. In this case, criminals sent emails with links to malicious websites designed to infect your computer. To prevent infection, you should always be wary of links sent through email, especially when the email is financial in nature. If it’s a legitimate financial organization, they’ll send you a letter, not an email.
  • Monitor your bank statements. Whether your system was infected or not, make sure you regularly check bank and credit card statements for any fraudulent transactions.
  • Always use a comprehensive security solution. Once installed, these two malware variants are difficult to remove. The best option is to never let your computer get infected in the first place. For this to happen, you can’t simply rely on staying on your best behavior online—bad things can still get in. Comprehensive security solutions like McAfee LiveSafe™ service are designed to protect all your devices and data from malicious websites, attachments and anything else the cyber-underground may throw your way.

 

 

Gary Davis

Categories: Consumer Threat Notices