How to protect yourself against Gameover Zeus and other botnets

Government agencies and private companies cooperated to take down a widespread malicious botnet. But others will replace it

The U.S. Department of Justice announced today that the Gameover Zeus (GOZ) botnet has been taken down in an effort dubbed "Operation Tovar." The action was the result of a multinational effort between government agencies, law enforcement, and private companies to shut down the massive botnet responsible for more than $100 million in losses for victims. The cooperation necessary to take down the botnet is impressive, but there will be more, and it's important for individuals to understand how to avoid falling victim to these threats.

CrowdStrike is one of the private companies that was heavily involved in Operation Tovar, and it worked with the United Kingdom's National Crime Agency, the FBI, Europol, global law enforcement, and other players in the private sector. Adam Meyers, VP of intelligence at CrowdStrike, described the results of Operation Tovar. "Over 500,000 infected machines were effectively disconnected from criminal control," he said. "The actors behind GOZ and Cryptolocker, which were both impacted by the recent actions, have done significant damage against unsuspecting victims."

Dwayne Melancon, CTO of Tripwire, praised Operation Tovar. "I think this is an excellent opportunity to make progress against a huge Internet threat," he said. "Taking out the command-and-control servers of a botnet is a monumental task, and this effort will make a significant difference and at least allow us to regain a foothold."

Melancon also cautioned, however, that botnets are extremely resilient, and he believes it won't be long before a new command-and-control structure fills the void. Even if it's not this botnet, there will be other botnets, so the question really is, "How can users avoid getting compromised by a botnet?"

"Consumers and businesses should use the free tools (Microsoft is a good place to start) to see if they have botnet malware on their systems," said Lamar Bailey, director of security research for Tripwire. "If they do, they should remove it as soon as possible and apply all patches necessary to protect against reinfection."

Bailey also recommends that users patch their operating systems and applications on a regular basis to guard against malware like Cryptolocker and run vulnerability detection scans to identify holes that could be exploited by attackers.

Lucas Zaichkowsky, an enterprise defense architect with CrowdStrike, pointed out that most antimalware tools do a poor job of identifying and blocking botnet threats and offered this advice to help individuals avoid becoming victims:

  • Block email attachments containing executable files or ZIP files with executable files like EXE and SCR.
  • Use vulnerability mitigation software to make up for unpatched software and avoid getting hit by exploit kits. The Microsoft Enhanced Mitigation Experience Toolkit (EMET) has a proven track record of protecting from attacks--including rare zero-days--before software patches are even available. Also, EMET can be managed in corporate environments using Group Policies.
  • Install antivirus software. Although not perfect, antivirus software can still catch a large percentage of malware and reduce noise. Free antivirus software such as Microsoft Security Essentials or AVG Free is just as good as commercial offerings, so don't feel like you have to pay money to get a good product.
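As an added illustration of the first recommendation (this is example code written for this page, not code from the article or from the companies it quotes), here is a small Python attachment filter that flags a message part when it is an executable or a ZIP that contains one, looking inside nested ZIPs as well. The extensions beyond EXE and SCR, the depth limit and the sample message are assumptions constructed here.

```python
import io
import zipfile
from email.message import EmailMessage

# EXE and SCR are the types named in the article; the others are assumed additions.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}

def _is_executable_name(name: str) -> bool:
    # Match on the final extension, so "invoice.pdf.scr" is still caught.
    return any(name.lower().endswith(ext) for ext in EXECUTABLE_EXTS)

def _zip_contains_executable(data: bytes, depth: int = 0, max_depth: int = 3) -> bool:
    """Recursively look inside a ZIP (and ZIPs nested in it) for executable names."""
    if depth > max_depth:
        return True  # too deeply nested to inspect: treat as suspicious
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if _is_executable_name(info.filename):
                    return True
                if info.filename.lower().endswith(".zip"):
                    if _zip_contains_executable(zf.read(info), depth + 1, max_depth):
                        return True
    except zipfile.BadZipFile:
        return True  # unreadable archive: we cannot show it is clean
    return False

def should_block(msg: EmailMessage) -> list:
    """Return the file names of attachments that the policy would block."""
    blocked = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        if _is_executable_name(name):
            blocked.append(name)
        elif name.lower().endswith(".zip") and _zip_contains_executable(payload):
            blocked.append(name)
    return blocked

def build_sample_message() -> EmailMessage:
    """Constructed sample: a ZIP hiding invoice.pdf.scr inside a nested ZIP, plus a clean PDF."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("invoice.pdf.scr", b"MZ\x90\x00 constructed, not a real program")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("docs/nested.zip", inner.getvalue())
    msg = EmailMessage()
    msg.set_content("See attached.")
    msg.add_attachment(outer.getvalue(), maintype="application", subtype="zip", filename="invoice.zip")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application", subtype="pdf", filename="notes.pdf")
    return msg
```

Running `should_block(build_sample_message())` reports only `invoice.zip`; the PDF passes because its name and contents are not inspected as an archive.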

For organizations with security staff, I recommend learning how to do manual analysis so incidents can be fully investigated to uncover what the existing security tools don't reveal. Being unaware that passwords have been stolen can result in dire consequences such as wire fraud or data theft, as we saw in the recent eBay incident where attackers used employee credentials to log in and make their way to the database.
