Authorities have apparently taken control of the Gameover botnet and seized its command servers over the weekend, effectively freeing 300,000 of the 500,000 to 1 million infected Windows computers. Even better, they have identified the crime ring behind the botnet and have charged its alleged Russian mastermind, Evgeniy Mikhailovich Bogachev, with hacking, several types of fraud, money laundering and conspiracy.
Gameover Zeus, for those who have never heard of it, is peer-to-peer (P2P) malware that steals online banking credentials and initiates wire transfers to overseas bank accounts. It is typically spread through spam emails disguised as bills or invoices that carry malicious links or attachments, the kind you tell your grandparents never to click. Once Gameover gets onto a system, that computer becomes part of the gang's global network of infected machines, which funnel stolen information back to the criminals. The perpetrators would sometimes also install CryptoLocker on compromised PCs, a “ransomware” that encrypts users' files and holds them hostage until the victim pays up. According to the FBI's estimates, the criminals have stolen over $100 million using Gameover and CryptoLocker together. But whether that is enough for Bogachev to stand trial in the US (home to 25 percent of the affected machines) remains to be seen, as Russia does not extradite its own citizens. For now, all the authorities can do is spread word about the botnet and help people remove it from their computers.
The next stage – the part of the operation that is the duty of all of us – is to dismantle the rest of the botnet by progressively disinfecting the zombie computers that made the Gameover and CryptoLocker “business empires” possible in the first place. US-CERT has compiled a list of free tools so you can do just that, and (if you are the go-to person for IT problems among your friends and family) so that you can help others, too. The Sophos Virus Removal Tool is among the recommended cleanup utilities. It is a free download; you do not have to uninstall your existing anti-virus first; and it detects and cleans the same malware, including rootkits, that Sophos Anti-Virus knows about, not just CryptoLocker.