FEDweek IT

Justice explained that computers infected with Gameover Zeus reach out to other computers in the botnet and receive commands, typically harvesting banking credentials and funneling them back to central servers.

Researchers estimate that between 500,000 and one million computers are infected, 25 percent of them in the US. Once banking credentials are captured, they are used to initiate wire transfers to overseas banks. The FBI estimates $100 million has been stolen in this way.

Justice said the US has obtained civil and criminal court orders in federal court in Pittsburgh authorizing measures to redirect the automated requests by victim computers for additional instructions away from the criminal operators to substitute servers established pursuant to court order.

The order authorizes the FBI to obtain the IP addresses of the victim computers and to provide that information to US-CERT to distribute to other countries’ CERTs and private industry to assist victims in removing GOZ.

In addition to the disruption operation against GOZ, Justice said it led another multi-national action to disrupt Cryptolocker, estimated to have infected over 234,000 computers, about half of them in the US.

DoJ announcement:

http://www.justice.gov/opa/pr/2014/June/14-crm-584.html