The Gameover ZeuS bank-theft botnet has infected 678,000 Windows PCs.  It has been attributed to cybercrime gangs in Eastern Europe, and it is thought to have complex defensive features that will make it very difficult for the authorities to defeat completely.

The botnet's peer-to-peer method of distribution is thought to be the main reason behind this. Each computer in the network acts as a client or server for the other computers in the network, allowing shared access to files and peripherals without the need for a central server, which makes it very difficult to prevent further distribution.

A researcher at Dell SecureWorks first came across the botnet in January after considering the data of thousands of users.  He commented that it appears to be one of the largest banking trojans yet.  It seems that the botnet uses spam emails involving household brand names as the hook, and then gains information from an individual’s computer through various means such as credential scraping.  The botnet can also change HTML to obtain even more sensitive information, which is used to steal money from bank accounts through unauthorised wire transfers and large Automated Clearinghouse (ACH) fraud.  ACH processes large volumes of credit and debit transactions in batches through a network and, given the ability of this botnet to affect those batches, the result could be quick and efficient high-value fraud.

Hundreds of thousands of computers have been affected by this botnet, across 226 countries, with the United States and Central Europe being the worst hit.  No doubt, researchers and authorities are working together to take down the botnet before hundreds of thousands more are infected.  It seems to be a huge task, though, and this will certainly not be the last that is seen of cybercrime of this nature.
