Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Crime Security United States

Justice Dept. Names ZeuS Trojan Author, Seizes Control of P2P "Gameover" Botnet 76

tsu doh nimh (609154) writes "The U.S. Justice Department announced today an international law enforcement operation to seize control over the Gameover ZeuS botnet, a sprawling network of hacked Microsoft Windows computers that currently infects an estimated 500,000 to 1 million compromised systems globally. Experts say PCs infected with Gameover are being harvested for sensitive financial and personal data, and that the botnet is responsible for more than $100 million in losses from online banking account takeovers. The government alleges that Gameover also was rented out to an elite cadre of hackers for use in online extortion attacks, spam and other illicit moneymaking schemes. In a complaint unsealed today, the DOJ further alleges that ZeuS and Gameover are the brainchild of a Russian man named Evgeniy Mikhailovich Bogachev, a.k.a. 'Slavik.'"
This discussion has been archived. No new comments can be posted.

Justice Dept. Names ZeuS Trojan Author, Seizes Control of P2P "Gameover" Botnet

Comments Filter:
  • by NoNonAlphaCharsHere ( 2201864 ) on Monday June 02, 2014 @12:57PM (#47147561)
    And where one compromised Windows machine falls, two more will arise to take its place.
    • That sounds poetic and I understand it is a general (likely warranted) shot at windows but it's not really applicable. Cleaning an infected machine results in one less infected machine. The act of cleaning does not generate 2 more infected machines and in fact shrinks the botnet by some, albeit small degree. There is never a situation where cleaning a Windows machine is a bad option - which keeps a significant number of us employed/harassed by friends/relatives.

      If you can secure a machine (e.g. by be

    • Why would they target anybody else than Windows users? It accounts for 80% of the PC OS.

      The last 20% is shared between Unix, Linux and Apple. Apple actually 11% of that last 20%.

  • by gstoddart ( 321705 ) on Monday June 02, 2014 @12:59PM (#47147575) Homepage

    Because, you know, the NSA et al are doing just as much hacking as the black hats are.

    At which point, one must assume they'll continue to use this botnet for their own purposes, and not simply dismantle it.

    Why give up an established spy network?

  • Since the government have control of all those computers now, would it be ethical for them to go in and actually install the patches to stop them being easily becoming victims next time around?

    • Pretty sure it is their duty to use these computers to gather information for national security.

    • Does the executable run by itself when a user clicks on the hyperlink from a phishing attempt in e-mail, or does it require the user to run it? If it's the later, you can't fix stupid.

  • Just have to put this out there, but now that the government has taken control, how much do you want to bet the NSA will use this opportunity to spy? Even if they do not use Zeus long term, they could use it to install their own software on millions of PCs that are already infected.
  • by mrspoonsi ( 2955715 ) on Monday June 02, 2014 @01:29PM (#47147761)
    According to this article: http://www.bbc.co.uk/news/tech... [bbc.co.uk] the C&C servers will be replaced by new ones, so there is only a 2 week window until the network is back up and running.
    • by Anonymous Coward

      Here's what I don't get about that. The way the article shows the structure of the Gameover botnet, it looks like the C&C servers are hard-coded in. The person who coded the botnet control program would have no reason to give away his source code. If they've already seized the C&C servers, and the only person who can change the code has been arrested, how could new C&C servers pop up so quickly, unless Gameover Zeus has already been forked?

      • by Yebyen ( 59663 )

        Presumably there's some concept of a CA / revocation list where infected nodes can find messages in a public channel or forum of some kind that tell where to reach the new C&C servers. I'm struggling with this as well, but it seems reasonable to assume from the quoted text that those machines are checking in regularly with the C&C servers, which the authorities now control, and they are checking in less frequently (every 2 weeks) with some other channel that is not controlled by the authorities, wh

  • Maybe that's why I've had no more notices to appear in court the last couple of days.

    The magistrate was getting pissed off telling me to go away!

  • by dhammabum ( 190105 ) on Monday June 02, 2014 @07:21PM (#47150735)

    Why aren't they going after terrorists? We all need to sacrifice to defeat terrorism, and if it means compromised systems and stripped bank accounts, well, that is the price we all have to pay.

    • Honestly, there are some counties in my state where I think we'd be better off with a few more muggers than a few more cops -- they certainly cost less than proving yourself innocent in a court.

1 Angstrom: measure of computer anxiety = 1000 nail-bytes