Burgeoning botnets!

Understanding large-scale computer infections and data-breach causal factors, part 2 of 2

By Robert E. Holtfreter, Ph.D., CFE, CICA, CBA

In part 2, we examine more botnet and malware case histories, analyze data breach causal factors and related statistics, and discuss ways to avoid becoming a victim of these nefarious schemes. 

On June 2, 2014, the FBI, in conjunction with the U.S. Department of Justice (DOJ), reported that a multinational effort had disrupted another botnet. (See GameOver Zeus Botnet Disrupted.) The DOJ said that law enforcement agencies from Australia, the Netherlands, Germany, France, Italy, Japan, Canada, Ukraine, the U.K. and other countries participated in the disruption operation.

This joint initiative targeted GameOver Zeus, a complex piece of malware developed by cybercriminals to steal banking credentials and other personally identifiable information (PII) from infected computers. Once infected with GameOver Zeus, a computer becomes part of a global botnet that the cybercriminals use both to harvest data and to spread the malware further through spam email and phishing messages.

According to the FBI article, cybercriminals' use of the GameOver Zeus malware has resulted in estimated losses of more than $100 million from individuals and businesses throughout the world.

As with the SpyEye malware, the banking credentials and other PII captured by GameOver Zeus, including the network addresses of the victims' computers, are sent to servers controlled by the cybercriminals. The criminals then use the stolen information to access the victims' bank accounts and redirect wire transfers into overseas accounts that they have set up.

Initially, the FBI had difficulty taking the botnet down. According to the FBI article, "Unlike earlier Zeus variants, GameOver [Zeus malware botnets have] a decentralized, peer-to-peer command and control infrastructure rather than centralized points of origin [associated with the SpyEye malware botnets], which means that instructions to the infected computers [in the GameOver botnet] can come from any of the infected computers, making a takedown of [the] botnet more difficult. But not impossible."

To overcome this, officials obtained civil and criminal court orders from a federal court in Pittsburgh that authorized "measures to sever communications between the infected computers, re-directing these computers away from criminal servers to substitute servers under the government's control," according to the FBI article.

With the infected computers now reporting to the substitute servers, the FBI could identify the IP address of each compromised computer in the botnet and pass that information to computer emergency readiness teams around the world and to Internet service providers (ISPs). ISPs and other private-sector parties in turn helped remove the GameOver Zeus malware from victims' computers. Together, these two measures severely restricted the botnet operators' ability to issue commands to victims' machines, which essentially dismantled the botnet.
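The following Python model is an added illustration, not part of the original article and not the GameOver Zeus code or the takedown tooling. It contrasts the two command-and-control layouts the FBI quote describes (a single server every bot polls versus peers that pull instructions from one another) and then applies the sinkholing measure from the court order: every infected host is pointed at a substitute server that records its address but never relays a command. The host names, the private-range victim addresses and the ring-shaped peer lists are constructed for the example.

```python
"""Toy model of centralized versus peer-to-peer botnet control and of sinkholing.
Constructed for illustration: host names, addresses and topology are made up and
are not data from the GameOver Zeus case or code from the malware."""

# Constructed victim addresses (private range, so nothing here is a real host).
BOTS = [f"10.0.0.{i}" for i in range(1, 7)]
OPERATOR = "operator"  # the criminal's injection point for new commands


def commandable(network, origin=OPERATOR):
    """Return the victims that eventually receive a command injected at `origin`.

    network[h] is the set of hosts that h pulls instructions from. A command
    propagates to h as soon as any host in that set has it.
    """
    have = {origin}
    changed = True
    while changed:
        changed = False
        for host, sources in network.items():
            if host not in have and sources & have:
                have.add(host)
                changed = True
    return {h for h in have if h in BOTS}


def centralized_network():
    """Classic Zeus/SpyEye layout: every bot polls a single C2 server, and the
    operator talks only to that server."""
    network = {"c2.example": {OPERATOR}}
    for bot in BOTS:
        network[bot] = {"c2.example"}
    return network


def p2p_network():
    """GameOver Zeus layout: no fixed server. Each bot keeps a short peer list
    (here, the two bots before it in a ring) and pulls commands from those peers,
    so an instruction can enter anywhere and spread bot to bot. The operator
    seeds commands through two bots that know the operator's address."""
    network = {}
    n = len(BOTS)
    for i, bot in enumerate(BOTS):
        network[bot] = {BOTS[(i - 1) % n], BOTS[(i - 2) % n]}
    network[BOTS[0]].add(OPERATOR)
    network[BOTS[1]].add(OPERATOR)
    return network


def take_down(network, removed):
    """Seize or clean the hosts in `removed`: they leave the network and stop
    being a source of instructions for anyone else."""
    return {host: sources - removed
            for host, sources in network.items() if host not in removed}


def sinkhole(network, substitute):
    """Redirect every infected host away from its criminal peers or server to a
    substitute server under the government's control. The substitute answers
    check-ins (so it sees each victim's address) but never relays commands.
    Returns the rewritten network and the sorted victim addresses it observed."""
    rewritten = {host: {substitute} for host in network}
    rewritten[substitute] = set()  # pulls from no one, so nothing passes through
    observed = sorted(host for host in network if host in BOTS)
    return rewritten, observed


if __name__ == "__main__":
    print("centralized, intact:    ", len(commandable(centralized_network())))
    print("centralized, C2 seized: ",
          len(commandable(take_down(centralized_network(), {"c2.example"}))))
    print("p2p, intact:            ", len(commandable(p2p_network())))
    print("p2p, one bot cleaned:   ",
          len(commandable(take_down(p2p_network(), {BOTS[0]}))))
    net, seen = sinkhole(p2p_network(), "substitute.example")
    print("p2p, sinkholed:         ", len(commandable(net)),
          "victims observed:", len(seen))
```

Seizing the single C2 host leaves the operator with nothing, while removing one peer from the peer-to-peer ring still leaves five of six victims reachable through the remaining peers, which is the difficulty the FBI describes. Rewriting every peer list to the substitute server cuts the operator off completely and, as a by-product, gives the substitute the address of each victim, which is the list that was handed to response teams and ISPs.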
