Police tell UK public they have only hours to combat GameOver Zeus malware

Two weeks ago, the National Crime Agency had a scary message for computer users up and down the United Kingdom.

NCA warns public

Two-week opportunity for UK to reduce threat from + Return to News powerful computer attack

The NCA is today urging members of the public to protect themselves against powerful malicious software (malware), which may be costing UK computer users millions of pounds.

Action taken by the NCA to combat the threat will give the UK public a unique, two-week opportunity to rid and safeguard themselves from two distinct but associated forms of malware known as GOZeuS and CryptoLocker.

Members of the public can protect themselves by making sure security software is installed and updated, by running scans and checking that computer operating systems and applications are up to date.

That was Monday 2 June. At the time of writing it’s late in the evening on Monday 16 June.

By my reckoning, therefore, the “two week opportunity for [the] UK to reduce [the] threat from a powerful computer attack” can be considered well and truly over.

But – it turns out – I’m wrong.

Sign up to our free newsletter.
Security news, advice, and tips.

On Friday, the NCA snuck out a new press release, saying that British computer users have been granted some extra time to take action and remove the Gameover Zeus malware from their PCs.

It hasn’t received anything like the press attention that the NCA’s initial release did.

NCA deadline extended

On Monday 2 June, the NCA announced that an international operation had temporarily weakened the global network of infected computers, providing a particularly strong two-week opportunity for members of the public to rid themselves of the malware and help prevent future infection.

By updating security software, running system scans to detect and clear infections, and checking that computer operating systems are up to date, individuals and businesses can take advantage of the criminal network’s relative weakness. The NCA strongly recommends taking these steps as soon as possible before midnight on Tuesday 17 June.

GameOver Zeus (also known as GOZeuS or P2PZeuS) is an extremely sophisticated incarnation of the familiar Zeus Trojan horse. It uses peer-to-peer (P2P) technology to hide its infrastructure, in an attempt to make it harder for law enforcement and security vendors to shut it down.

But, two weeks ago, the authorities – working with ISPs and members of the computer security industry – seized control of a large amount of the internet infrastructure being used by the GameOver Zeus and CryptoLocker threats.

What’s odd is that the NCA’s take on the whole thing was to send out a somewhat scary press release telling British computer users that they had best take action now to clean-up their computers if they were affected, whereas the FBI’s announcement conveys no urgency whatsoever for the American public to do anything.

In fact, the NCA did such a good job of frightening the bejeezus out of Brits, sending thousands and thousands of people scurrying for information about what action they should take, that they managed to bring down the government-backed Get Safe Online website.


The NCA hasn’t made that mistake this time, posting information for the public on a variety of sites including CyberStreetwise, GetSafeOnline and CERT.

Furthermore, this latest NCA press release (just like the first) offers no explanation of why the British public (and seemingly not the rest of the world affected by this global botnet) have such a strict deadline to take action.

GameOver Zeus / CryptoLocker infections

Is it that the authorities can only disrupt the botnet’s infrastructure for so long before it grabs back control over the infected PCs, or have the courts only allowed the computer crime cops a limited time to re-direct victims’ PCs away from criminal servers and in the direction of servers controlled by the good guys instead?

GoZeus and the policeMy hunch is the latter, but it doesn’t really explain the different approaches taken by the FBI and the British National Crime Agency.

It would be terribly interesting to know what’s really going on. After all, more details might actually stir more people into taking the required action.

Unfortunately, if your computer has been compromised by GameOver Zeus you won’t be able to tell with the naked eye. You need good security software to clean-up your infection, and remove affected computers from the internet until they are safe to reconnect.

At the time of its first alert, the NCA said that internet service providers would be contacting users whose computers were believed to have been compromised.

There’s no word of that in the latest press release, and I haven’t actually heard of anyone who has been notified by their ISP of a potential infection by GameOver Zeus. Nonetheless, it sounds like that would be very useful if that has happened.

One wonders if more details will emerge after midnight on Tuesday.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.