Gameover Zeus Botnet
The Gameover Zeus malware has been disrupted but Britons have been warned they only have two weeks to protect themselves before it is back online.

In what is one of the largest coordinated global efforts to disrupt a cybercrime campaign to date, law enforcement agencies in 11 countries - including Europol, the FBI and the UK's National Cyber Crime Unit - have disrupted the operation of a cybercrime gang which is responsible for the theft of hundreds of millions of pounds globally.

The stealth attack on the Gameover Zeus botnet (also known as P2P Zeus or GO Zeus) began late last week and, as well as involving law enforcement agencies, saw the collaboration of internet service providers and security experts from companies like Dell, Trend Micro, Crowdstrike and McAfee.

While the operation has severed the links between the command and control servers maintaining the malicious software and the victims' machines, this is only a temporary solution, and people have been warned they need to update their systems within two weeks.

Gameover Zeus - which is based on the code from the well-known Zeus Trojan - has been controlled since 2011 by a core group of cybercriminals in Russia and the Ukraine, who have used the botnet to carry out large-scale corporate account takeovers and massive distributed denial of service attacks.

It is thought that somewhere between 500,000 and one million computers globally have been infected, and that the malware has been responsible for the fraudulent transfer of hundreds of millions of pounds globally.

The US CERT issued more technical details about Gameover Zeus on Monday.

15,000 UK computers infected

The sophisticated malware allows the criminals to take complete control of your computer, including recording keystrokes, videoing what you do on screen and even turning on your webcam.

In the UK, more than 15,000 Windows computers are believed to have been infected and the National Crime Agency has issued a stern warning telling people they have just "two weeks" to update their systems and protect themselves from "a powerful computer attack".

Following the severing of ties between the servers controlling the Gameover malware and the infected PCs, people will only have a short time to check for infections and get rid of any malware on their systems, before the criminals regroup and begin operating the botnet again.

ISPs in the UK will be contacting customers who are known to have been infected, with the BBC reporting that the first letters have already been sent out.


The Gameover malware is typically spread through spam emails which have been tailored to look like they come from trusted brands, which in the UK include HMRC and Companies House.

The emails have an attachment and, if it is downloaded, your PC will be infected immediately. The malware immediately seeks out financial information stored on your PC and, if it doesn't find anything, it installs the Cryptolocker ransomware, which encrypts all your files and demands a ransom be paid in bitcoin within 72 hours.

Trend Micro's Rik Ferguson said: "The ultimate goal of the law enforcement activity is to prevent infected computers from communicating with one another, significantly weakening the criminal infrastructure. While this blow is effective, it is not permanent and we expect the malicious networks to return to their former strength within weeks, if not days."

Trend Micro has set up tools to help you check if your system is infected here (32-bit) and here (64-bit) which you can download to scan your PC.

The next step is to update your Windows operating system with any patches which Microsoft has issued. You should also be running effective and up-to-date security software for ongoing protection.