
Zeus Gameover, the Department of Justice, and the SLIC Threat Feed

Brandon Tansey

Earlier this month, the U.S. Department of Justice issued a press release announcing a criminal complaint against “a leader of a tightly knit gang of cyber criminals based in Russia and Ukraine that is responsible for the development and operation of both the Gameover Zeus and CryptoLocker schemes.” In addition, the release announced actions taken to disrupt both the Zeus Gameover botnet and CryptoLocker ransomware infrastructure. It’s important to note that, while the court documents have been published, no arrests have been made.

While the futures of Zeus Gameover and CryptoLocker are uncertain, the UK’s National Crime Agency, which assisted with the disruption, warns that it may last only a short while. The agency goes on to say that this window provides “a unique, two-week opportunity” to seek out Zeus Gameover and CryptoLocker infections and get rid of them.

Lancope’s StealthWatch Labs Intelligence Center (SLIC) has provided coverage for CryptoLocker communication through its SLIC Threat Feed since earlier this year by taking advantage of CryptoLocker’s domain generation algorithm (DGA). As of today, the domains produced by the Zeus Gameover DGA are also included in the threat feed.

By taking advantage of the visibility that Lancope’s StealthWatch System provides, both the CryptoLocker and newly introduced Zeus Gameover coverage in the SLIC Threat Feed can help customers make good use of the disruption.
