THE FBI announced on Tuesday that it believes Russian citizen Evgeniy Mikhaylovich Bogachev is the leader of the gang behind the Gameover botnet, and has issued a warrant for his arrest.
Bogachev, also said to be known as "lucky12345" and "slavik" joins the Agency's Cyber Most Wanted list. In a press conference, the FBI said that Russian authorities have been "productive", although it is believed that Bogachev may have escaped the country by boat.
Gameover first hit headlines on Monday, with the UK National Crime Agency (NCA) having issued a botnet warning about the latest botnet set to attack thousands of unprotected machines. It is estimated that 15,000 machines in the UK have already been infected out of the one million worldwide, and internet service providers (ISPs) have said that they will be writing to customers that they believe have been affected.
Gameover Zeus (GOZ), sometimes known as P2P Zeus or GO Zeus, is a relative of the ransomware known as Cryptolocker, which has seen a resurgence in recent months with an Android variant attacking porn users.
Gameover Zeus has already resulted in the illegal transfer of millions of pounds around the world and the NCA claims that its appearance in the UK could cost computer users losses running to millions more.
The NCA has worked on a global initiative to put procedures in place that disrupt information flow between victim machines and servers. However, the Stay Safe Online website has been experienced issues, with the website crashing for some users. At time of writing it has been partially restored but appears to be struggling under the weight of traffic.
Andy Archibald, deputy director of the NCA's National Cyber Crime Unit, said, "Nobody wants their personal financial details, business information or photographs of loved ones to be stolen or held to ransom by criminals. By making use of this two-week window, huge numbers of people in the UK can stop that from happening to them."
MD of Tagadab Steve Rawlinson was keen to emphasise that this is more than just another virus. He said, "The scale of this operation is unprecedented. This is the first time we've seen a coordinated, international approach of this magnitude, demonstrating how seriously the FBI takes this current threat.
"Botnets enable malicious activity which costs the global economy billions of pounds. Because of the way these particular botnets work it is very difficult to find the people behind the crime or to stop the botnet from spreading. This joint operation from law enforcement agencies, ISPs, and IT security vendors is a carefully coordinated strike designed to disable the botnet for a few days.
"The operation relies on public awareness and ultimately this is the key to its success or failure. If users fail to update their security in the window of opportunity then there's little the FBI or anyone else can do for them. Consumer education is hugely important because it prevents criminals from gaining the advantage, but we need a coordinated, long-term awareness campaign backed by businesses and governments across the world if we want messages about the dangers of Trojans and malware to really hit home."
Users are advised to backup all valuable data, avoid shonky looking email attachments and ensure anti-malware packages are up to date. As important, however, is the need to pass on information about the threat in order to ensure that as many people are protected during the window created by the global malware server distruption. µ