GameOver Zeus: Cybercrime’s Mr Big named by the FBI

ComputerThere’s big news from the front line of the fight against cybercrime today.

The US Department of Justice has filed a criminal complaint, claiming that Russian citizen Evgeniy Mikhailovich Bogachev is the leader of the gang that spread the GameOver Zeus (“GOZ”) malware and the notorious Cryptolocker ransomware, and ran botnets that hijacked up to one million computers around the world.

The US Department of Justice claims that since GameOver Zeus first appeared in September 2011, it has resulted in an eye-watering $100 million of losses.

The authorities claim that Bogachev – using the internet handles “Lucky12345”, “Slavik” and “Pollingsoon” – wrote the malicious code to compromise Windows PCs and steal banking details and login credentials from innocent users’ infected computers.


30-year-old Bogachev, and his alleged partners in crime believed to be based in Russia or Ukraine, are currently still at large.

GameOver Zeus is an extremely sophisticated edition of the familiar Zeus Trojan horse, and used peer-to-peer (P2P) technology to hide its infrastructure, in an attempt to make it harder for law enforcement and security vendors to shut it down.

Sign up to our free newsletter.
Security news, advice, and tips.

The great news today is that the authorities, working with ISPs and members of the computer security industry, has seized control of a large amount of the internet infrastructure being used by the GameOver Zeus and CryptoLocker threats.

Unfortunately, if your computer has been compromised by GameOver Zeus you won’t be able to tell with the naked eye. You need good security software to clean-up your infection, and remove affected computers from the internet until they are safe to reconnect.

The UK’s National Crime Agency has issued a press release which may have scared the bejeezus out of some British internet users, informing them that they had a “two-week opportunity” to sort out infected computers.

NCA warns public

The NCA is today urging members of the public to protect themselves against powerful malicious software (malware), which may be costing UK computer users millions of pounds.

Action taken by the NCA to combat the threat will give the UK public a unique, two-week opportunity to rid and safeguard themselves from two distinct but associated forms of malware known as GOZeuS and CryptoLocker.

Quite why users only have a fortnight to resolve security issues with their PCs isn’t unfortunately made clear in the press release, which lessens the impact of the message somewhat.

Nevertheless, Andy Archibald, Deputy Director of the NCA’s National Cyber Crime Unit, attempted to put a human angle on things to get the message across to the masses:

“Nobody wants their personal financial details, business information or photographs of loved ones to be stolen or held to ransom by criminals. By making use of this two-week window, huge numbers of people in the UK can stop that from happening to them.”

“Whether you find online security complicated or confusing, or simply haven’t thought about keeping your personal or office computers safe for a while, now is the time to take action. Our message is simple: update your operating system and make this a regular occurrence, update your security software and use it and, think twice before clicking on links or attachments in unsolicited emails.”

GetSafeOnline has published links to free tools which should be able to help you check and clean-up your computer on its Facebook and Google Plus pages.

Further reading: FBI press release: US Leads Multi-National Action Against GameOver Zeus Botnet and Cryptolocker Ransomware, Charges Botnet Administrator

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “GameOver Zeus: Cybercrime’s Mr Big named by the FBI”

  1. Hayton

    The link to the Facebook page of GetSafeOnline appears to be broken. I see this message : "Sorry, this page isn't available. The link you followed may be broken, or the page may have been removed."

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.