DUBAI – It emerged three years ago and may be lying dormant on your computer as it gathers sensitive data. The US Federal Bureau of Investigation and cyber security firm Symantec estimate a million users around the world, including those in the UAE, have been affected by the GameOver Zeus virus. Users in the UAE are the third most affected (eight per cent over two years) with 5,000 to 6,000 infected computers in the past week alone, according to Symantec officials who spoke to Khaleej Times.
The US has been the most hit with 13 per cent, followed by Italy (12 per cent). Financial losses have run into tens of millions of dollars and though the FBI, Symantec and cyber security units from the affected countries have announced a cleanup of the scourge, Orla Cox, Symantec’s head of security response unit, said it’s still too early to predict the threat has passed.
“The malicious software can regroup and start working again if your anti-virus software is not updated,’’ she said from Dublin.
The FBI has identified the source of the virus as Evgeniy Mikhailovich Bogachev in the Russian Federation.
The malware, which the FBI terms “extremely sophisticated”, can steal banking and other passwords from the computers it infects and mostly spread through spam e-mail or phishing messages.
Soon the infected computers become part of a global network of compromised computers known as a botnet which cyber gangs use to divert large sums of money from bank accounts.
“In the case of GameOver Zeus, its primary purpose is to capture banking credentials from infected computers, then use those credentials to initiate or re-direct wire transfers to accounts overseas that are controlled by the criminals. Losses attributable to GameOver Zeus are estimated to be more than $100 million,” said an FBI statement.
Symantec’s Cox says the worm has not penetrated smartphones, but warns users to be wary of unsolicited mail. “It’s best not to open mail you are unsure about even if you have anti-virus packages installed on your computers,” she said.
Another way to stay safe is to have strong passwords and not to use the same password for multiple accounts. Always use a pop-up blocker and only download free software from trusted sites.
A slow computer and erratic cursor movements are warning signs your system has the bug. Text-based chat windows may appear and you may notice illegal money transfers from your accounts if the network has been penetrated.
Mutation
What’s troubling agencies is that the early Zeus virus which emerged some three years ago has mutated into it current form. The FBI said GameOver has a decentralised modus operandi and its peer-to-peer command-and-control infrastructure, rather than central points of origin, makes it a potent enemy for experts tackling online fraud. Therefore, instructions to the infected computers can come from “any of the infected computers, making a takedown of the botnet more difficult”, said the FBI in its analysis.
Here’s how law-enforcement agencies, cyber crime units and companies like Symantec are working together to root out the worm. The FBI first identifies the IP addresses of the targeted computers and passes on the information to Computer Emergency Readiness Teams around the world. The information is shared with Internet Service Providers and other security and crime fighting organisations.
US Deputy Attorney-General James Cole, in a statement, said the massive operation combined “traditional law-enforcement techniques and cutting-edge technical measures necessary to combat highly sophisticated cyber schemes targeting our citizens and businesses”.
Government and agencies also have to deal with another problem on their hands as some computers targeted by the malware have been infected by Cryptolocker, a worm which works together with GameOver.
If GameOver Zeus fails to do the intended damage, Cryptolocker gets into action and people on the network are locked out of their financial details online. Only a ransom paid to the criminals will allow them access to the computers.
The FBI said the US and foreign security officials seized Cryptolocker servers during the cyber offensive across the world. “GameOver Zeus is the most sophisticated botnet the FBI and our allies have ever attempted to disrupt,” said FBI Executive Assistant Director Robert Anderson. “The efforts announced today are a direct result of the effective relationships we have with our partners in the private sector, international law enforcement, and within the US government.”
How the stolen cash is spent
Cyber criminals spend the money stolen from accounts to buy expensive jewellery, an investigation has shown. Stores are contacted by the gangs and orders are placed. A person appears the next day to collect the goods and a wire transfer is made. Once this cash transfer is confirmed in the store’s account, the ‘mule’ hands over the jewellery to the gangs who sell them for cash and use money transfer to launder the ‘stolen’ cash.
Most mules are active participants in the scheme while others are lured through “work-at-home” advertisements. The cyber gang then e-mail potential candidates offering them a job. They are asked to open bank accounts or use their existing accounts to receive wired money. Thus organised, the gangs use money remitting services to send the cash to foreign accounts.