Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Operation Tovar disconnects Gameover Zeus and CryptoLocker malware - but only for two weeks

Global police operation cuts malware from C&C

Article comments

Global police forces have collaborated to temporarily disrupt the world’s most successful botnet, Gameover Zeus (aka P2PZeus or GoZeus), giving hundreds of thousands of victims a brief window in which they can more easily extricate themselves from its clutches.

Operation Tovar, jointly run by the FBI, the UK National Crime Agency (NCA), Europol and a number of security firms and universities was accidentally revealed at the weekend by a hasty and later removed post on McAfee’s website.

That described how the police have managed to disrupt the command and control (C&C) infrastructure for the East European-run Gameover Zeus system, also used to distribute the hated CryptoLocker ransom malware that has caused such grief around the world since last September.

Gameover’s main business remains stealing data from computer users, usually bank logins, but it best thought of as a sprawling, complex and often highly innovative malware creation and distribution platform. That police would make it public enemy number one is no surprise. 

“We anticipate the criminal infrastructure of both Gameover Zeus and CryptoLocker will re-establish operations as quickly as they can. Thus you need to take action quickly,” said McAfee’s accidental announcement.

Both McAfee’s release and a similar official announcement by the UK NCA have urged anyone who believes they are infected with Gameover Zeus, or who is told as much by their ISP, to rid themselves of it while the link with the C&C is broken. That makes it harder for the malware to reinstate itself as the user is trying to remove it.

McAfee was offering its Stinger anti-malware tool to aid with this onerous task, it said.

Estimates on the number affected by Gameover Zeus vary but the NCA said 15,500 had been identified in the UK on the basis of analysis of its C&C data. Other estimates put the number of infected systems at around 500,000-600,000, possibly more.

“Nobody wants their personal financial details, business information or photographs of loved ones to be stolen or held to ransom by criminals. By making use of this two-week window, huge numbers of people in the UK can stop that from happening to them,” said NCA National Cyber Crime Unit deputy director, Andy Archibald.

“Whether you find online security complicated or confusing, or simply haven’t thought about keeping your personal or office computers safe for a while, now is the time to take action,” he urged.

Of course, the amount of respite users have been given could be less than two weeks or a bit more than that; the exact time period will depend on how quickly the criminals take to reinstate their C&C. The fact that the FBI and NCA are willing to put a two-week prediction on Operation Tovar suggests that the disruption they have wrought to the botnet is severe.

Botnet takedowns are nothing new, although past ones usually had a severe effect on their targets. Gameover Zeus is on a different level to most of these past events.

One thing the disruption will do is temporarily make it impossible for victims of CryptoLocker to pay ransoms to receive an unlock encryption key to get back their files. Given that the criminals behind CryptoLocker rarely if ever supply keys these days, that is no loss. However, Tovar won’t help current victims to reinstate their files, only briefly stop new victims from being infected.


More from Techworld

More relevant IT news


Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *