2 weeks to prepare for 'powerful' virus strike-back in major malware offensive
The UK has warned its computer-users they have two weeks to protect their machines from two powerful viruses, GameOver Zeus and Cryptolocker, after a US-led multinational operation announced a coordinated takedown of malware.
There are more than 15,500 computers infected in the UK and many more are at risk, the UK’s National Crime Agency has said, citing “intelligence” assumptions.
It “could cost computer users millions of pounds,” the NCA warned.
The agency is now “urging the public and small businesses” to consult with the government-backed getsafeonline.org website.
“Nobody wants their personal financial details, business information or photographs of loved ones to be stolen or held to ransom by criminals. By making use of this two-week window, huge numbers of people in the UK can stop that from happening to them,” Deputy Director of the NCA’s Cyber Crime Unit Andy Archibald said.
However, computer users need to take action immediately, as authorities only have temporary control of communications.
"This warning is not intended to cause you panic but we cannot over-stress the importance of taking these steps immediately. This is because the UK's NCA has taken temporary control of the communications used to connect with infected computers, but expects only a very limited window of opportunity to ensure you are protected," said UK-based Get Safe Online, a government-backed organization that has published a list of software it recommends for the task.
With the warning reaching the public, Get Safe’s website crashed under the number of requests to view its content.
The organization’s Chief Executive Tony Neate insisted that this was not due to a cyber-attack.
The NCA’s warning relates to a strain of malware known as Cryptolocker, which works together with another malware, Gameover Zeus (also known as GOZeus or P2PZeus).
GOZeus is usually downloaded by unsuspecting users in what is known as a phishing attack, often in the form of an email which looks legitimate, but which is in fact designed to trick someone into downloading malicious software.
Once inside someone’s machine, the malware then searches for files containing financial information. If it cannot find anything, it will install Cryptolocker, which locks the computer until a ransom fee is paid.
According to the US-led team of investigators, which include FBI, NCA, and Europol, Gameover Zeus virus estimate that between 500,000 and 1 million computers around the world. A quarter of victims are said to be the US, where computer-users have lost more than $100 million to Gameover Zeus.
Cryptolocker alone infected more than 234,000 machines and won $27 million in ransom payments in just its first two months, the Justice Department said.
In the biggest operation of its kind, servers all over the world were raided simultaneously by the NCA, FBI, Europol, and other authorities.
This meant police could direct what are known as Command and Control (C&C) servers, which hackers and criminals use to control the operation of the botnet. A botnet is a network of home computers often controlled by a criminal gang.
“The scale of this operation is unprecedented. This is the first time we’ve seen a coordinated international approach of this magnitude, demonstrating how seriously the FBI takes this current threat,” Steve Rawlinson from Tagadab, a web-hosting company involved in the bust, told the BBC.
The FBI accuses a Russian called Evgeny Bogachev, who they have identified a ringleader of the gang. Bogachev, 30, is now facing 14 criminal charges alleging that he is the “administrator” of GameOver Zeus. He is also accused of being a leader of the “tightly-knit gang” behind CyberLocker.
US Disrupts One Of The Biggest Hacking And Extortion Rings Ever — Russian Charged
(Reuters) - A U.S.-led international operation disrupted a crime ring that infected hundreds of thousands of PCs around the globe with malicious software used for stealing banking credentials and extorting computer owners, the Justice Department said on Monday.
Authorities in nearly a dozen countries worked with private security companies to wrest control of the network of infected machines, known by the name of its master software, Gameover Zeus.
Court documents released on Monday said that between 500,000 and 1 million machines worldwide were infected with the malicious software, which was derived from the original "Zeus" trojan for stealing financial passwords that emerged in 2006. Officials charged a Russian man with hacking, fraud and money-laundering, and court documents suggested they suspect he wrote Zeus, one of the most effective pieces of theft software ever found.
In addition to stealing from the online accounts of businesses and consumers, the Gameover Zeus crew installed other malicious programs, including one called Cryptolocker that encrypted files and demanded payments for their release. Cryptolocker alone infected more than 234,000 machines and won $27 million in ransom payments in just its first two months, the Justice Department said.
The two programs together brought the gang more than $100 million, prosecutors said in court documents, including $198,000 in an unauthorized wire transfer from an unnamed Pennsylvania materials company and $750 in ransom from a police department in Massachusetts that had its investigative files encrypted. Other victims included PNC Bank [PNCBKN.UL] and Capital One Bank [COFCB.UL], according to court documents.
“These schemes were highly sophisticated and immensely lucrative, and the cyber criminals did not make them easy to reach or disrupt,” Leslie Caldwell, who heads the Justice Department's criminal division, told a news conference.
The Gameover Zeus "botnet" - short for robot network - is the largest so far disrupted that relied on a peer-to-peer distribution method, where thousands of computers could reinfect and update each other, said Dell expert Brett Stone-Gross, who assisted the FBI.
"We took control of the bots, so they would only talk with our infrastructure," Stone-Gross said.
A civil suit in Pennsylvania helped authorities get court orders to seize parts of the infected network, and on May 7, Ukrainian authorities seized and copied Gameover Zeus command servers in Kiev and Donetsk, officials said. U.S. and other agents worked from early Friday through the weekend to seize servers around the world, freeing some 300,000 victim computers from the botnet so far.
USG
ACCUSED MASTERMIND IN RUSSIA
A criminal complaint unsealed Monday in Nebraska, meanwhile, accused Russian Evgeniy Mikhaylovich Bogachev and others of participating in the conspiracy.
U.S. officials said Bogachev was last known to be living in the Black Sea resort town of Anapa. In an FBI affidavit filed in the Nebraska case, an agent cited online chats in which aliases associated with Bogachev claimed authorship of the original Zeus trojan, which has infected more than 13 million computers and is blamed for hundreds of millions of dollars in losses.
"That's what he claimed. There were probably a number of people involved," said Dmitri Alperovitch, co-founder of security firm CrowdStrike, which also worked with the FBI. A person familiar with the case said that Bogachev's ICQ number, which is an assigned Internet chat query identifier, matched that of the known Zeus author. Attempts to reach Bogachev were unsuccessful. The FBI declined to comment on Zeus' authorship, citing the ongoing investigation, and Justice Department officials did not respond to questions on the issue.
Zeus's code has since been publicly released, and many variants are still being used by gangs large and small.
"Zeus is probably the most prolific and effective piece of malware discovered since 2006," said Lance James, head of cyber-intelligence at consultancy Deloitte & Touche, which also helped authorities.
Russia does not extradite accused criminals to other countries, so Bogachev may never be arrested. He was named as part of a new policy on aggressively exposing even those the United States has little hope of catching. The recent crackdown includes the indictment of five members of China's People's Liberation Army for alleged economic espionage, which prompted denials and an angry response from Chinese authorities.
“This is the new normal,” Robert Anderson, the top FBI official in charge of combating cyber crime said at a news conference announcing the Russian action.
When asked whether Russian authorities would turn Bogachev over to the United States, Deputy Attorney General James Cole said “as far as Russia, we are in contact with them and we’ve been having discussions with them about moving forward and about trying to get custody of Mr. Bogachev,” but declined to provide further detail of those talks. The shutdown of Gameover Zeus may not last. Other botnets have resurfaced as criminals regained at least partial control of their networks. Officials at the United Kingdom's National Crime Agency said in an "urgent warning" that users might have only two weeks to clean their computers from traces of the infection. They directed users to https://www.getsafeonline.org/nca, which was intermittently available late Monday.
The U.S. Department of Homeland Security set up a website to help victims remove the malware. The European Cybercrime Centre also participated in the operation, along with Australia,Canada, France, Germany, Italy, Japan, Luxembourg, New Zealand and Ukraine.
Intel Corp, Microsoft Corp, security software companies F-Secure, Symantec Corp, and Trend Micro; and Carnegie Mellon University supported the operation.
No comments:
Post a Comment