Has CryptoLocker been cracked? Is Gameover over?

Jack

Gameover and CryptoLocker in concert
These two families of malware are often discussed together because Gameover, which gives its operators the power to upload new malware to already-infected computers, has been one of the ways by which CryptoLocker was distributed.

In other words, the crooks could milk you using Gameover; as soon as they thought they'd squeezed everything they could out of the Gameover part, they could "upgrade" you to CryptoLocker and sting you for a final $300.

With a 40% success rate against victims in the UK alone, if the University of Kent has it right, that's quite some sting.

The takedown
So here's the good news: the DoJ today announced a string of legal and technical assaults on the criminal infrastructures of these two malware families.

Very briefly summarised, US law enforcement has done the following:

07 May 2014. With co-operation from the Ukrainian authorities, seized and copied key Gameover command servers in Kiev and Donetsk. If the core servers in a botnet can't push out "what to do next" instructions to the zombie computers under their control, the botnet is seriously disrupted.

19 May 2014. Filed sealed criminal charges against a Russian national called Evgeniy Mikhailovich Bogachev, aka Slavik, aka Pollingsoon, for a raft of serious offences.

28 May 2014. Got a civil court order against Slavik and four other unnamed co-conspirators, thus permitting law enforcement legally to redirect Gameover traffic into a server specified by the court.

Then, the "traceback" could begin, with the FBI and numerous operational partners in the US and in Europe identifying core computers in the botnet control infrastructure, and seizing servers in Canada, France, Germany, Luxembourg, the Netherlands, Ukraine and the UK.



Servers critical to the operation of CryptoLocker were seized at the same time, which did some serious damage to the CryptoLocker scam, too.

If your computer fails to "call home" for the public key mentioned earlier, CryptoLocker can't scramble your data, giving you time to find and destroy the malware before any costly damage is done.

Unity is strength
To remind you just how much work goes into an operation of this sort, it's worth repeating the names of the law enforcement agencies around the world that were officially named by the DoJ as having been part of this takedown.

Here they are:

[Image: list of the law enforcement agencies named by the DoJ (bust-help-500.png)]


Read more: http://nakedsecurity.sophos.com/2014/06/03/has-cryptolocker-been-cracked-is-gameover-over/
 
Deleted member 178

It is over because they want:

Umbra's Famous Quote:

"Nothing is over in hacking, my Friend, it is just the beginning..."
 