Feeds

Security bods mop blood, sigh: NEW CryptoLocker zombies? We don't see their kind

Not much, at least, since Feds chopped master's head off

Build a business case: developing custom apps

Infections from the infamous CryptoLocker ransomware have fallen off sharply since a takedown operation earlier this week, according to security researchers.

An FBI-led takedown operation disrupted the internet infrastructure powering the Gameover ZeuS botnet and the even more infamous CryptoLocker ransomware. Gameover ZeuS is a banking Trojan that's been around for years but more recently has been used as a distribution mechanism for CryptoLocker. The ransomware nasty is also capable of spreading using infected email attachments that pose as voicemail or shipping confirmations.

Danish security firm Heimdal Security - part of CSIS Security Group - estimates that 50,000 systems were getting press-ganged into the Gameover ZeuS botnet, with at least 1.2 million computers living as part of the zombie network in early May. This figure has shrunk dramatically since the takedown op, with a weekly run rate of new zombie drones in the low hundreds instead of tens of thousands, according to Heimdal Security.

Many Gameover ZeuS zombies were also infected by CryptoLocker, one of the zombie networks's main secondary payloads. It's therefore logical to infer that CryptoLocker infections have also taken a nosedive - or even flat-lined.

"After the operation, our intelligence now shows that the number of new infections per day has dropped significantly and now looks to be stable around zero, for now at least," Morten Kjaersgaard, Heimdal Security’s chief exec, told The Register.

"When and with what strength the infections pick up again, is hard to predict, but the risk of infection still exists. It is just like the flu, you can catch it because the virus exists."

Kjaersgaard urged web surfers to check their systems for infection by Gameover Zeus, using a tool supplied by Heimdal, or rival utilities. "As many people are still infected with Gameover Zeus P2P, which is also used to deliver the Cryptolocker ransomware, we strongly advice people to take the necessary measures to check if they are infected," he added.

Cops, aided by security researchers, have linked the distribution of Gameover ZeuS and CryptoLocker as the work of the same closely linked gang.

Thirty-year-old Russian national Evgeniy Mikhailovich Bogachev has been charged with allegedly masterminding the distribution of the Gameover ZeuS and the even more infamous CryptoLocker ransomware. Bogachev has been placed on an FBI wanted list over the alleged cybercrimes.

Whatever the outcome of the case, or even whether CryptoLocker itself is revived, various cybercrooks are already hard at work developing CryptoLocker clones (examples here and here) and other strains of malware. And we also have the problem of machines already infected with CryptoLocker.

An estimated 234,000 computers worldwide, half in the US, have been infected with CryptoLocker since it first surfaced in September 2013. These infection have been used to bilk victims out of more than $27m (£16m), according to FBI estimates. ®

The essential guide to IT transformation

More from The Register

next story
Rupert Murdoch says Google is worse than the NSA
Mr Burns vs. The Chocolate Factory, round three!
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Germany 'accidentally' snooped on John Kerry and Hillary Clinton
Dragnet surveillance picks up EVERYTHING, USA, m'kay?
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
Think crypto hides you from spooks on Facebook? THINK AGAIN
Traffic fingerprints reveal all, say boffins
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.