Microsoft and the Federal Bureau of Investigation (FBI) have teamed up to take necessary action against the password-stealing GameOver Zeus botnet, rendering it harmless. This botnet was the most active banking Trojan of 2013 and between 500,00 and 1 million PCs worldwide are infected by it. The botnet is also responsible for more than $100 million in losses.
“The FBI-led legal action and private-sector-led technical action against GameOver Zeus has taken down a portion of the command-and-control (C&C) infrastructure linked to domains generated by the malware and registered by the cyber-criminals. In this operation, codenamed b157, the FBI seized the registered domains,” Microsoft stated in an official blog post.
Microsoft conducted analysis on the P2P network and developed a cleaning solution. Microsoft also worked closely with global Community Emergency Response Teams (CERTs) and Internet service providers (ISPs) to help victims regain control of their compromised computers. Microsoft states that victims of the GameOver Zeus are continually being notified and their infected computers cleaned to prevent future harm.
GameOver Zeus, for those that did not know, is spread by cybercriminals who create malicious websites that download malware onto a victim’s unprotected computer. Victims can also receive the malware via phishing, where malicious emails (which appear to be legitimate) entice people to click on a link or an attachment, ultimately deploying the GameOver Zeus Trojan onto the victim’s computer. Passwords and account information are then stolen via a key logger and sent to the botnet’s server for the cybercriminals to toy with.
This is Microsoft’s ninth involvement in a botnet operation. Microsoft also has a Cybercrime Center, in which the company works hard to advance the global fight against cybercrime.