Gameover Zeus & Cryptolocker

Submitted By Dylankx
Gameover ZeuS and Cryptolocker

University of Maryland University College

Abstract
This paper covers how virulent software such as Gameover ZeuS and Cryptolocker can wreak havoc on a system, causing all types of issues. It covers what type of software each of these malicious programs is categorized as, what a botnet and ransomware are, and how they can affect a system. It also covers the types of threat that Gameover ZeuS and Cryptolocker pose: a confidentiality breach, an integrity breach or an availability breach. Lastly, it covers the types of intervention and prevention that can mitigate an attack or prevent it in the first place. Tackling software such as this before it spreads can mean the difference between hundreds and even thousands of dollars in damage.

Gameover ZeuS and Cryptolocker
Gameover ZeuS was what most would consider a really nasty Trojan horse. It is thought to have been created by Evgeniy M. Bogachev, a 30-year-old man from Russia and the supposed ringleader of the whole operation. It is thought that the Trojan infected between 500,000 and one million computers and siphoned over 100 million dollars into the attackers' accounts. Gameover ZeuS was a Trojan that created a botnet and also carried another payload with it, Cryptolocker. Cryptolocker was a type of ransomware that prompted users to enter personal information and money to “remove” the virus (Herman, n.d.). How did these two pieces of software work together to cause so much chaos?
We have established that Gameover ZeuS is a botnet and Cryptolocker is ransomware, but what exactly are a botnet and ransomware? A botnet is best described by Margaret Rouse (2012): “...a number of internet computers that, although their owners are unaware of it, have been set up to forward spam/viruses to other computers on the internet…” Her definition is a clear statement of what to expect from a virus meant to wreak havoc. Ransomware, on the other hand, is the payload that something like a botnet can carry, making it even more troublesome. Ransomware is a type of Trojan horse that can make a computer completely unusable until the owner pays a fee to regain access (Herman, n.d.).
Now that we have identified what types of malicious software we are talking about, let's dive into how they caused so much chaos. How was Gameover ZeuS delivered to so many computers? Gameover ZeuS was often spread by spam email and phishing scams. A phishing scam is an email that contains a link to a legitimate-looking website or that requests personal information (Rouse, 2007). Once Gameover ZeuS was on the infected computer, its P2P communication infrastructure allowed it to talk to other computers and be controlled by a botmaster or a sub-botmaster. This allowed it to easily control other computers and to deliver malicious software such as Cryptolocker, hijack bank accounts, launch DDoS attacks, steal Bitcoins, and steal online credentials ("Gameover Zeus," n.d.).
Having covered what Gameover ZeuS and Cryptolocker can do, we need to address what types of impact they can have on a system. These two pieces of malicious software working in conjunction can compromise confidentiality, integrity and availability; this is what makes them so dangerous. They are capable of massive amounts of damage. They can compromise confidentiality because Gameover ZeuS has a built-in key logger and can obtain online credentials such as usernames and passwords. Cryptolocker works in the same way, in that you would have to put in personal information to buy your way out of the encrypted lockout ("Gameover Zeus," n.d.).
Integrity of the system can be compromised as well, and we will address how, first with Gameover ZeuS. Gameover ZeuS is a botnet, so it has many features other than spreading itself by email/phishing scams. These include, as stated before, DDoS attacks, which can take down even the heftiest of server centers ("Gameover Zeus," n.d.). A DDoS attack is an attack that uses a botnet of thousands of computers to all simultaneously access a website at one time, causing the server to overload. This causes a server to divert all processing down to the kernel level, bypassing the read/write credential verification on the OS level, since the kernel is typically what authenticates a user (“HTTP Flood,” n.d.). Cryptolocker, on the other hand, disrupts integrity in a different way. Cryptolocker encrypts all of the data on your hard drive, rendering the system completely useless unless you have a backup stored somewhere, which most people don’t ("International Takedown,” n.d.).
The availability of a system infected with this malicious code can be affected too, in the same way as before: Gameover ZeuS can use the botnet to perform a DDoS attack and take down a server. If a server goes down, it could be down for days or even weeks while security specialists comb through the system to see what was compromised and what happened. The incident with Sony’s online gaming service left the network down for seven days, only for the public to be told that the information of 77 million users was compromised (Anthony, 2011). Then you have Cryptolocker, which encrypts all of your data unless you pay a fee, which in itself is a hindrance to the availability of a system.
In light of how aggressive these pieces of code can be, there have been efforts by a multitude of government agencies around the world to counter their impact. The effort was known as “Operation Tovar” and consisted of the United Kingdom’s National Crime Agency, FBI, Europol, Global Law Enforcement, and others in the private sector. Instead of going after each individual bot, these agencies set out to tackle servers that were under the influence of Gameover ZeuS to stop the spread of the software. Vulnerability detection scans and frequent updates from Microsoft were highly encouraged. Advice was given by PCWorld.com on how to better protect yourself. They said to block email attachments containing .exe, .zip and .scr, use vulnerability mitigation software to detect exploits, and lastly install antivirus software while keeping it up to date (Bradley, 2014).
In conclusion, we have covered the types of malicious software Gameover ZeuS and Cryptolocker are and what they can do to a computer system. We have also covered what types of attack they can pose to a system. The attacks covered are a confidentiality breach, a breach of system integrity, and a loss of availability of a network. Lastly, the types of prevention and mitigation were covered, along with simple yet helpful advice to help a user keep their system well protected.
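
The attachment-blocking advice cited from PCWorld above (.exe, .zip and .scr), sketched as a mail-filter check over a parsed MIME message. This is an added example, not code from the essay or from PCWorld; the sample message, its addresses and the function name `blocked_attachments` are constructed for illustration.

```python
import email
from email import policy
from pathlib import PurePosixPath

# Extensions named in the advice quoted above.
BLOCKED_EXTENSIONS = {".exe", ".zip", ".scr"}

# Constructed sample message (not real traffic): a benign PDF plus an
# attachment whose double extension hides an executable type.
SAMPLE_MESSAGE = b"""\
From: billing@example.com
Subject: Invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain

See attached.
--BOUND
Content-Type: application/pdf
Content-Disposition: attachment; filename="report.pdf"
Content-Transfer-Encoding: base64

Y29uc3RydWN0ZWQ=
--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Invoice.pdf.EXE"
Content-Transfer-Encoding: base64

Y29uc3RydWN0ZWQ=
--BOUND--
"""

def blocked_attachments(raw_message: bytes) -> list[str]:
    """Return attachment filenames whose final extension is blocked."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() also reaches nested multiparts
        name = part.get_filename()
        if not name:
            continue
        # Trailing dots/spaces are ignored by Windows, so strip them, then
        # compare only the last suffix, case-insensitively.
        suffix = PurePosixPath(name.rstrip(". ")).suffix.lower()
        if suffix in BLOCKED_EXTENSIONS:
            hits.append(name)
    return hits

print(blocked_attachments(SAMPLE_MESSAGE))
```

Matching on the last suffix only is what catches names such as `Invoice.pdf.EXE`, which a check for names ending in `.pdf` or containing `.pdf` would pass.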

References
Anthony, S. (2011, April 27). How the PlayStation Network was Hacked | ExtremeTech. Retrieved February 13, 2015, from http://www.extremetech.com/gaming/84218-how-the-playstation-network-was-hacked
Bradley, T. (2014, June 2). How to protect yourself against Gameover Zeus and other botnets. Retrieved February 13, 2015, from http://www.pcworld.com/article/2357528/protect-yourself-against-gameover-zeus-and-other-botnets.html
Gameover Zeus & Cryptolocker « The Shadowserver Foundation. (2014, June 8). Retrieved February 13, 2015, from http://blog.shadowserver.org/2014/06/08/gameover-zeus-cryptolocker/
HTTP Flood. (n.d.). Retrieved February 13, 2015, from http://www.incapsula.com/ddos/attack-glossary/http-flood.html
Herman, L. (2014, June 11). Botnet, GameOver ZeuS, Disrupted & Ringleader Charged - Seculert Blog on Breach Detection. Retrieved February 13, 2015, from http://www.seculert.com/blog/2014/06/botnet-gameover-zeus-disrupted-ringleader-charged.html
International Takedown Wounds Gameover Zeus Cybercrime Network. (2014, June 2). Retrieved February 13, 2015, from http://www.symantec.com/connect/blogs/international-takedown-wounds-gameover-zeus-cybercrime-network
Rouse, M. (2007, May 1). Phishing. Retrieved February 13, 2015, from http://searchsecurity.techtarget.com/definition/phishing
Rouse, M. (2012, February 1). Botnet (zombie army). Retrieved February 13, 2015, from http://searchsecurity.techtarget.com/definition/botnet
