Feeds

Security bods mop blood, sigh: NEW CryptoLocker zombies? We don't see their kind

Not much, at least, since Feds chopped master's head off

Providing a secure and efficient Helpdesk

Infections from the infamous CryptoLocker ransomware have fallen off sharply since a takedown operation earlier this week, according to security researchers.

An FBI-led takedown operation disrupted the internet infrastructure powering the Gameover ZeuS botnet and the even more infamous CryptoLocker ransomware. Gameover ZeuS is a banking Trojan that's been around for years but more recently has been used as a distribution mechanism for CryptoLocker. The ransomware nasty is also capable of spreading using infected email attachments that pose as voicemail or shipping confirmations.

Danish security firm Heimdal Security - part of CSIS Security Group - estimates that 50,000 systems were getting press-ganged into the Gameover ZeuS botnet, with at least 1.2 million computers living as part of the zombie network in early May. This figure has shrunk dramatically since the takedown op, with a weekly run rate of new zombie drones in the low hundreds instead of tens of thousands, according to Heimdal Security.

Many Gameover ZeuS zombies were also infected by CryptoLocker, one of the zombie networks's main secondary payloads. It's therefore logical to infer that CryptoLocker infections have also taken a nosedive - or even flat-lined.

"After the operation, our intelligence now shows that the number of new infections per day has dropped significantly and now looks to be stable around zero, for now at least," Morten Kjaersgaard, Heimdal Security’s chief exec, told The Register.

"When and with what strength the infections pick up again, is hard to predict, but the risk of infection still exists. It is just like the flu, you can catch it because the virus exists."

Kjaersgaard urged web surfers to check their systems for infection by Gameover Zeus, using a tool supplied by Heimdal, or rival utilities. "As many people are still infected with Gameover Zeus P2P, which is also used to deliver the Cryptolocker ransomware, we strongly advice people to take the necessary measures to check if they are infected," he added.

Cops, aided by security researchers, have linked the distribution of Gameover ZeuS and CryptoLocker as the work of the same closely linked gang.

Thirty-year-old Russian national Evgeniy Mikhailovich Bogachev has been charged with allegedly masterminding the distribution of the Gameover ZeuS and the even more infamous CryptoLocker ransomware. Bogachev has been placed on an FBI wanted list over the alleged cybercrimes.

Whatever the outcome of the case, or even whether CryptoLocker itself is revived, various cybercrooks are already hard at work developing CryptoLocker clones (examples here and here) and other strains of malware. And we also have the problem of machines already infected with CryptoLocker.

An estimated 234,000 computers worldwide, half in the US, have been infected with CryptoLocker since it first surfaced in September 2013. These infection have been used to bilk victims out of more than $27m (£16m), according to FBI estimates. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.