Two Week Window: GameOver ZeuS Botnet Seized, CryptoLocker Blocked


Are you at risk from GOZeus or CryptoLocker? A malware scan is the only good way to find out. (Seeing the malware at work on your computer is a bad way to find out.) Image by Decoded Science

A global government effort has resulted in the seizure of GOZeuS (or P2PZeuS) and CryptoLocker networks – and now you have a narrow window of opportunity to clean your computer before what could be a significant malware attack when the systems recover.

When the malware systems recover in the next few weeks, if you haven’t cleaned up your system, your PC or laptop could be part of the attack – as part of the botnet – as well as a victim of the infection.

Although GameOverZeus and CryptoLocker are associated, they’re not the same, and carry very different risks – both for you and for everyone else.

GameOver Zeus: What is a Peer-to-Peer Botnet?

GOZeus is a peer-to-peer version of an older Zeus virus from 2011. The ‘peer-to-peer’ part is what’s important here.

A peer-to-peer network is basically a group of computers that connect and share resources, such as memory – instead of storing information and conducting operations via a server. Essentially, the connected computers become part of a larger system, all working together to accomplish some goal. In the case of a virus, the goal is typically to propagate that virus and to either harvest data (credit card numbers, banking information, and so on) or do something destructive like wipe memory.

In a botnet, the peer-to-peer computers eventually connect to a main server, where they get updates and other information, via a variety of domain names produced by the server. In short: if your computer is infected, it will connect to a domain ( – and no, that’s not really one of the URLs) hosted on the home-base server to get updates and instructions.

You know how your computer gets those auto-updates from Windows? It works the same way. Your computer queries the Windows server to see if there are any updates. If there are, your computer downloads them for you, and then starts prompting you to install the updates. In the case of a virus, however, your computer will install updates without asking, and then go on to wreak whatever havoc the server has requested.
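The "variety of domain names produced by the server" described above is what a defender can look for: an infected machine that cannot reach its current rendezvous point tends to ask DNS for many long, random-looking names, most of which do not exist. The following is an added example, not code from the original article or from any security vendor, that runs a simple lexical heuristic over a constructed DNS query log. The log format (timestamp, client, queried name, response code), the entropy and vowel-ratio thresholds, and the assumption that the registered label is the second-to-last one are all assumptions made for the example.

```python
"""
Heuristic detection of DGA-style lookups in a DNS query log.

Added example, not code from the original article. It assumes a constructed
log format "<ts> <client_ip> <queried_name> <rcode>" and flags hosts that
make several NXDOMAIN queries for long, high-entropy, vowel-poor names.
"""
import math
from collections import defaultdict

# Constructed sample log lines (not real traffic); the format is an assumption.
SAMPLE_LOG = """\
2014-06-03T10:00:01 10.0.0.5 www.example.com NOERROR
2014-06-03T10:00:02 10.0.0.5 windowsupdate.microsoft.com NOERROR
2014-06-03T10:00:03 10.0.0.9 qhwtzkpdlmvbrfxs.net NXDOMAIN
2014-06-03T10:00:03 10.0.0.9 zjkvqnwplrtmxbcg.com NXDOMAIN
2014-06-03T10:00:04 10.0.0.9 tpxwmzqlvrkhgbdn.org NXDOMAIN
2014-06-03T10:00:04 10.0.0.9 mvkqzxwjplrtnbgs.biz NXDOMAIN
2014-06-03T10:00:05 10.0.0.9 news.example.org NOERROR
2014-06-03T10:00:06 10.0.0.7 mail.example.com NOERROR
2014-06-03T10:00:07 10.0.0.7 cdn3.example.net NOERROR
"""


def shannon_entropy(s):
    """Bits of entropy per character of the string s."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_label(qname):
    """Second-level label: 'foo' for 'a.b.foo.com'.

    Assumes a one-label public suffix; a real deployment would consult the
    public suffix list so that names like 'foo.co.uk' are handled correctly.
    """
    parts = qname.rstrip(".").lower().split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def looks_generated(label):
    """Lexical heuristic: long, high-entropy labels with few vowels.

    Thresholds (length >= 10, entropy >= 3.5 bits, vowel ratio < 0.25) are
    assumptions chosen for the example, not published detection values.
    """
    if len(label) < 10:
        return False
    vowels = sum(label.count(v) for v in "aeiou")
    vowel_ratio = vowels / len(label)
    return shannon_entropy(label) >= 3.5 and vowel_ratio < 0.25


def parse_line(line):
    """Split one constructed log line into its four fields."""
    ts, client, qname, rcode = line.split()
    return {"ts": ts, "client": client, "qname": qname, "rcode": rcode}


def flag_clients(log_text, min_hits=3):
    """Return {client: sorted suspicious NXDOMAIN names} for clients with
    at least min_hits distinct generated-looking failed lookups."""
    hits = defaultdict(set)
    for line in log_text.strip().splitlines():
        rec = parse_line(line)
        if rec["rcode"] == "NXDOMAIN" and looks_generated(registered_label(rec["qname"])):
            hits[rec["client"]].add(rec["qname"])
    return {c: sorted(names) for c, names in hits.items() if len(names) >= min_hits}


if __name__ == "__main__":
    for client, names in flag_clients(SAMPLE_LOG).items():
        print(client, len(names), names)
```

Run as a script, it reports the one constructed client that made four failed lookups for random-looking names. Requiring several distinct NXDOMAIN hits per host keeps a single odd-looking CDN hostname from raising an alert; on real resolver logs you would also whitelist known legitimate high-entropy names and tune the thresholds against a baseline of your own traffic.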

CryptoLocker: Ransomware Trojan

CryptoLocker, while it is malware, is much less exciting, and has simply tagged along with GOZ in this anti-malware takedown due to an association between the two. CL is simply a ransomware trojan – a trojan does not self-replicate, unlike viruses. Trojans are there to complete a task – such as conquering the city of Troy, opening a backdoor into your computer for a virus or hacker to enter, and so on.

Ransomware is an up-and-coming type of malware that holds computers or data ‘hostage’ for a ransom. When you put the two together, you get a piece of malicious code that takes over your computer until you provide data or funds requested by the originator.

GOZ and CryptoLocker: How Could I Have Gotten a Virus on my Computer?

There are a variety of ways to get malware on your system, and some are a normal part of life and doing business, and as such, impossible to avoid. It’s pretty simple to keep the malicious code from ruining your day, however.

You can catch a computer virus (or any type of malware) just like you catch a cold – and prevent malware the same way you avoid getting sick during cold and flu season.

Want to catch a cold?

Hang out with sick people! (Don’t click on links, or connect your computer to a network unless you trust every computer on that network, and know it’s covered by antivirus software.)

Touch your face without washing your hands! (Don’t install any software or access any new programs without running antivirus software to check it out.)

Want to stay healthy?

Wash your hands frequently to clean off bacteria and viruses before they get you sick. (Run antivirus software daily.)

If you think you’re getting sick, see a doctor before it gets really bad. (If your antivirus program isn’t doing the job, take your computer in to be serviced.)

The Two Week Virus Attack Warning

What is this ‘two week warning?’ If they’ve stopped the servers, and so on, it’s all over, right?

In many cases, yes, but when the botnet is, as in the case of GOZeus, very sophisticated, the best security officials can do is temporarily paralyze the net. That two week window isn’t written in stone – it could be one week, it could be three, so don’t wait until the end of an arbitrary deadline to scan your computer. These are not new types of malicious code, so any up-to-date anti-malware software, from Norton to MalwareBytes, is sufficient to clean your system.

If you’re using a Windows-based machine, scan it now. If you’ve got a Mac, scan that too. You’re safe from GOZeus if you’re on a Mac, but antivirus experts have found CryptoLocker on Macs. Don’t assume that your system is safe just because your computer has an Apple on it.

Not sure if your anti-malware program is sufficient? Leave a note in the Comments section below, and we’ll check it out.