Zeus Gameover, the Department of Justice, and the SLIC Threat Feed

Brandon Tansey

Earlier this month, the U.S. Department of Justice issued a press release announcing a criminal complaint against “a leader of a tightly knit gang of cyber criminals based in Russia and Ukraine that is responsible for the development and operation of both the Gameover Zeus and CryptoLocker schemes.” In addition, the release announced actions taken to disrupt both the Zeus Gameover botnet and CryptoLocker ransomware infrastructure. It’s important to note that, while the court documents have been published, no arrests have been made.

While the futures of Zeus Gameover and CryptoLocker are uncertain, the UK’s National Crime Agency, which assisted with the disruption, warns that it may last only a short while. The agency goes on to say that this window provides “a unique, two-week opportunity” to seek out Zeus Gameover and CryptoLocker infections and get rid of them.

Lancope’s StealthWatch Labs Intelligence Center (SLIC) has provided coverage for CryptoLocker communication through its SLIC Threat Feed since earlier this year by taking advantage of CryptoLocker’s domain generation algorithm (DGA). As of today, the domains produced by the Zeus Gameover DGA are also included in the threat feed.

Combined with the visibility that Lancope’s StealthWatch System provides, both the CryptoLocker coverage and the newly introduced Zeus Gameover coverage in the SLIC Threat Feed can help customers make good use of the disruption.
