Building a Cyber Crime Empire Using Trojans
I have removed many Trojan viruses over the years, but never one as dangerous and powerful as ZeuS. This Trojan malware is responsible for hundreds of millions of dollars stolen by cyber gangs over the last eight years. My blog today is meant to alert computer users to the dangers of computer viruses and to urge them to protect themselves by getting good virus protection and backing up their data. Call Perry’s Computer Repair immediately if you suspect a virus infection.
The ZeuS code was probably created in 2006 and became a new kind of malware that harvested more website and computer passwords in a day than any similar malware had in prior years. It was first detected in 2007, when it stole information from the U.S. Department of Transportation. As it evolved over the years, it became better and better at stealing many millions of dollars from banks, large corporations and government agencies.
This expertly designed malicious code did not slow down computers and alert users to its presence, as common Trojan viruses would; it operated seamlessly and silently in the background. The Russian creator of the code changed his aliases often, but the name of the malware stayed the same: ZeuS, named after the god in Greek mythology. It became the face of cyber crime for eight years and set off a furious hunt for the perpetrator by the FBI and cyber security companies.
Don Jackson, who worked at Dell SecureWorks, a cyber security company, and consults with many big companies on cyber security issues, was also interested in finding the author. He learned Russian and began frequenting the online forums where cyber criminals gather. The ZeuS malware inspired intense interest among cyber criminals because it had all of the state-of-the-art features.
This malware package, which bundled all the tools, including those for tracking and managing the computers it infected, became a “you can do it yourself” (DIY) malware program. These criminal networks are called botnets, which I described in a prior blog. These so-called zombie networks can harvest data from your computer and also release spam to shut down a targeted site. ZeuS was designed so that a cyber criminal could buy a base malware program, customize it in a short time, and resell it to criminal customers.
Jackson found that the ZeuS code was getting more dangerous: it was now being introduced in the middle of an online banking session. When people logged into their online bank, the code piggybacked on the session, so the hacker could see whatever the bank customer could see. In a moment, the hacker would then clean out the account. This became a nightmare for bank security.
Jackson, posing as a cyber crook online, tried to track the ZeuS author, who used the handle A-Z. He learned that the author owned a boat, wanted a Mercedes-Benz SLR and was probably Russian. This Russian sold his malware for $3,000, with add-on features costing more. In 2007 he closed up shop, only to reemerge in 2008 selling a new ZeuS variant while at the same time trying to protect his IP address. By 2009 the malware had become hardware dependent, with the encrypted file tied to his computer to protect its creator. The malware author worked closely with a gang called JabberZeuS. The malware code now had a new feature, the capability of taking virtual control of the infected computer, which sold for $10,000.
In one case, the gang hacked into the Bullitt County, Kentucky, treasurer’s computer, stealing more than $400,000 from its coffers. The JabberZeuS botnet was responsible for stealing more than $100 million from banks that year. This caused the FBI to take action, arresting more than 150 people in three countries in 2010. Still, the original malware creator remained at large.
Subsequently, someone leaked the malware code, effectively making it open source, which meant any criminal could take it and use it. This created a distraction for law enforcement while the malware author was able to create new malware code. In 2012, the FBI warned of a new ZeuS variant called Gameover, which created a botnet of 1.6 million computers.
As banks were distracted dealing with the Gameover malware, a new model appeared, called ransomware, which encrypted a user’s files and demanded a ransom of several hundred dollars to release the encryption. I had a customer who had this malware, and it was really hard to remove, but I finally did. The problem was restoring his files, which were all encrypted.
The FBI, working with security companies, found a way to break it
This botnet proved unbreakable for two years, until the FBI, working with security companies, found a way to break it. The peer-to-peer model proved formidable to deal with, but SecureWorks and the FBI slowly placed government-controlled computers inside the botnet and seized control of the proxy addresses. Then a tipster told the FBI of an email address used by the Gameover administrator, which led them to Evgeniy Mikhailovich Bogachev, the original malware author, who lives in Anapa, Russia. Recently the FBI announced a $3 million reward for information that could lead to his arrest. He still has not been captured.
In future blogs we will describe more cyber crime techniques. Stay tuned, and call Perry’s Computer Repair for all of your virus needs: 443-783-2269.