Operation Tovar was similar to the Coreflood botnet take-down in 2011. In the Coreflood botnet take-down, Microsoft filed civil lawsuits requesting the ability to take out the botnet's command and control infrastructure. The software giant said in a blog post on Monday that the civil action wasn't needed for Gameover Zeus because of its decentralized peer-to-peer communication setup.
Microsoft said its researchers conducted analysis on the Gameover Zeus peer-to-peer network to help provide visibility into the extent of impacted Windows systems. The take-down marks the second botnet operation by Microsoft since Nov. 14 when it worked with investigators to disrupt the ZeroAccess click fraud botnet.
"The impact of GameOver Zeus is not limited to the financial industry -- nearly all major business and public sector organizations are impacted," wrote Richard Domingues Boscovich, Assistant General Counsel, Microsoft Digital Crimes Unit, in a blog post outlining the company's role in the investigation.
Dell SecureWorks researchers, which had been heavily focused on Gameover Zeus, said the next stage of the operation is getting victims to clean infected systems. The company said in a statement that Operation Tovar involved law enforcement organizations around the world, security industry partners, ISPs, US-CERT and members of the academic communities at Georgia Institute of Technology and Carnegie Mellon University.
The U.S. Computer Emergency Response Team issued an alert detailing the Gamover Zeus and CryptoLocker removal tools created by Microsoft, McAfee and other security firms.
"We anticipate the criminal infrastructure of both Gameover Zeus and CryptoLocker will re-establish operations as quickly as they can. Thus you need to take action quickly," according to McAfee Labs, which issued an advisory Monday.
PUBLISHED JUNE 3, 2014