On Monday, the U.S. Department of Justice announced that an expansive effort involving the FBI, DOJ, international law enforcement and security firms had made disruption of the Gameover Zeus botnet possible.
Criminal charges against the 30-year-old Russian, Evgeniy Bogachev, were unsealed Monday in Pittsburgh, Pa., and Omaha, Neb., according to the DOJ release.
In Pittsburgh, Bogachev was charged with conspiracy, computer hacking, wire fraud, bank fraud and money laundering in connection with his alleged role as an administrator of the Gameover Zeus botnet, which consists of a network of 500,000 to one million infected computers running the Windows platform, the release said. In Omaha, federal prosecutors charged Bogachev with conspiracy to commit bank fraud related to an operation spreading an older variant of Zeus, dubbed “Jabber Zeus.”
Gameover came on the scene in the middle of 2011 and has similar properties to older variants of Zeus, such as logging keystrokes to steal banking credentials, but it also comes packaged with malicious functions that allow it to launch distributed denial-of-service (DDoS) attacks against financial institutions. In February, Dell SecureWorks Counter Threat Unit (CTU) named Gameover the most active banking trojan in 2013.
Now, federal prosecutors believe they've pegged a central figure behind the botnet.
Bogachev, who remains at large, was described as a “leader of the tightly knit gang of cyber criminals based in Russia and Ukraine that is responsible for the development and operation of both the Gameover Zeus and Cryptolocker schemes,” the DOJ release said.
The suspected botnet administrator also goes by the online aliases “Slavik,” “Pollingsoon,” and “Lucky12345.”
Through investigations, law enforcement found that the Gameover infrastructure was also used to distribute Cryptolocker, ransomware believed to have infected more than 234,000 computers worldwide since it appeared last fall.
Cryptolocker notably made its way onto the computer systems of a Vermont chamber of commerce in February, and even impacted a Massachusetts police department last November, prompting the force to pay a $750 ransom to recover computer files that the malware encrypted.
According to the Monday DOJ release, prosecutors found that phishing emails, designed to look like voicemail or shipping confirmation messages, were often used to spread Cryptolocker to unsuspecting users.
With the Gameover takedown efforts, the FBI estimates that it has disrupted a botnet responsible for more than $100 million in losses.