Much like a tsunami warning that can only serve to clear a certain region of coastal beaches before the whole place is inevitably wiped clean, this week the UK’s National Crime Agency issued a statement to anyone who owns a computer that they have just under half a month to shore up their defenses before Zeus and CryptoLocker make landfall once again.
Recently the NCA launched a series of operations which brought down vital pieces of the infrastructure that allowed the two malware variants to spread as efficiently as they have over the past year, disabling command and control servers and issuing a stack of warrants for the heads of anyone who was involved in keeping the whole scheme functional while it tore its way through hundreds of thousands of machines across the globe.
The NCA collaborated with the FBI and Europol to make the sting go smoothly, and although they were pleased with the damage they were able to do to the criminal network that was profiting off the venture, they also warn that it’s only a matter of time before new networks are up and running once again.
“The ultimate goal of the law enforcement activity is to prevent infected computers from communicating with one another, significantly weakening the criminal infrastructure. While this blow is effective, it is not permanent and we expect the malicious networks to return to their former strength within weeks, if not days,” he warned.
The same rhetoric we’ve heard a hundred times over was repeated here, with the advisory informing users they should update any antivirus/anti-malware software they own, as well as being extra wary of any unsolicited attachments that show up in their inbox.
CryptoLocker has proven itself to be an especially lucrative source of funds for underground hacker rings as of late, with some 100,000 infections in 2013 alone netting millions for anyone who’s willing to hold someone’s precious memories as a ransom for cold hard cash.
Zeus opts to take things down the more traditional trail, installing trojans and keyloggers on a user’s computer while silently waiting for them to log into their preferred banking service online, or use a credit card which can be traced and duplicated by the hackers back home.
Where things get particularly nasty is when Zeus and CryptoLocker team up into the dynamic duo we saw deployed earlier this year. By combining tactics from each program, hackers are able to ensure that nearly every infection they spread eventually turns a profit, one way or the other. If Zeus spends a certain amount of time on a computer without detecting enough valuable information to make sustaining the infection financially viable, it will then “call in” the most recently updated version of CryptoLocker to come in and finish the job.
“Nobody wants their personal financial details, business information or photographs of loved ones to be stolen or held to ransom by criminals. By making use of this two-week window, huge numbers of people in the UK can stop that from happening to them.”