What is Gameover Zeus and How Do I Protect Myself?

The Gameover Zeus botnet was disrupted two weeks ago by the UK's National Crime Agency (NCA), the FBI and Europol, but cyber security experts say little has changed in that time and that the public won't change the way they use the internet.

In its warning two weeks ago, the NCA said that the international action on 2 June, which temporarily weakened the global network of infected computers, gave people a two-week grace period to rid themselves of the malware and help prevent future infection.

The agency warned that enhanced security will still be effective against cyber crime threats, but may not give the enhanced protection available while the Gameover Zeus and CryptoLocker system is at its weakest.

The NCA says current indications are that infections in the UK have reduced since 2 June, but thousands of systems remain affected or at risk.

Andy Archibald, deputy director of the NCA's National Cyber Crime Unit, said: "While there is never a bad time to maximise your online security, and it is something we should all do regularly, acting now can provide unprecedented levels of protection from these types of malware. If you haven't already, we urge individuals and small businesses alike to take action this weekend."

However, TK Keanini, CTO of Lancope, said that this will likely have little effect, as the sad reality is that most people just don't update their operating systems and security software. "These cyber criminals prey on those who don't even read these advisories," he said.


"This event was certainly a win for the defenders because it changed the economics of cyber crime. Rarely do defenders raise the cost to these cyber criminal operations but this joint effort really disrupted the bad guys. We need to do more of this until it is not an attractive business to pursue cyber crime."

Keanini said that the two-week window was probably an estimate based on how quickly the criminal gang behind these botnets was likely to regain control of infected systems, but said that there is still time to take action.

Amichai Shulman, CTO of Imperva, said: "I think that more than anything this announcement puts emphasis on the poor posture law enforcement has with respect to cyber crime. Imagine the local police announcing a two-week grace period in which the local gangs are 'weakened' (with no further explanation) and urging everyone to use this grace period for installing improved window bars, more sophisticated alarm systems and in general be more cautious when they leave their homes after the grace period is over. This is absurd.

"Repelling cyber crime is not the responsibility of individuals. This ritual of botnet takedown announcements (remember Cutwail) has been repeating itself for too long. Yes, people should make an effort to protect their digital assets - a reasonable effort. We've already squeezed all the juice from the 'don't open weird attachments' lemon. It's done. It's over. People use the Internet in order to receive content from unknown, needless to say untrustworthy, individuals. Security people and law enforcement should have realised that by now."

Not paying attention

In agreement was Dwayne Melancon, CTO of Tripwire, who believed that the majority of the public haven't been paying attention to this issue, which is how we got into this situation in the first place.

He said: "Many of the recommended actions fall into the category of 'good hygiene' in the computing sense, but it is notoriously hard to get the average user to keep things secure and up to date. Therefore, while I think this was a good idea, I'll be surprised if it makes a material difference in the reach of the botnet."

Shulman said he does not expect cyber crime to become extinct, but he does expect it to be reduced to an acceptable level, and this is the responsibility of law enforcement. "You can't expect anyone with an online bank account (practically everyone) to be a cyber security expert - that's the responsibility of the banking application provider," he said.