NEWS FROM THE LAB - Tuesday, June 3, 2014

How much money did GameOver ZeuS steal? Posted by Sean @ 14:12 GMT

Wanted by the FBI: Evgeniy Mikhailovich Bogachev a.k.a. "slavik".

Tovar, Bogachev

Finally… a face and a name to go with an infamous alias.

Yesterday, the FBI announced a multi-national effort against the operator of GameOver ZeuS (GOZ), a notorious banking trojan.

We've been waiting for this:

Tovar, technical assistance provided by

Details here: GameOver Zeus Botnet Disrupted

Today we've been (eagerly) going through the associated documents — and the costs attributed to GOZ are very striking.

Examples of GameOver victims:

Tovar, GOZ victims

SEVEN MILLION dollars from one Florida bank? Wow.

Examples of CryptoLocker (ransomware dropped by GOZ) victims:

Tovar, CryptoLocker victims

A restaurant in Florida had its recipes encrypted?

Now THAT is some "secret sauce"!

$30,000 in damage is really a significant cost for such a business.

According to this FBI graphic, CryptoLocker made $30 million in payments during the last four months of 2013:

FBI, CryptoLocker Malware

So here's the thing about GOZ… it's a peer-to-peer botnet and is highly resistant to "takedowns". Law enforcement action is currently blocking critical command and control infrastructure — but it could be only a matter of time before slavik regains ownership via side channels. In the meanwhile, remediation efforts are underway. IP addresses related to GOZ are being directed to removal tools.

Our own (free) Online Scanner is listed in US-CERT's Alert (TA14-150A).

There's already a sizable increase in the number of scans performed according to our metrics.

Spread the word, and with any luck, the GameOver botnet will implode.