On June 2, 2014, the Department of Justice and the FBI announced a multinational effort to disrupt the GameOver Zeus botnet, believed to be responsible for the theft of millions of dollars from businesses and consumers in the U.S. and around the world.

Also announced was the unsealing of criminal charges in Pittsburgh and Omaha against alleged botnet administrator Evgeniy Mikhailovich Bogachev of Anapa, Russian Federation.

GameOver Zeus is an extremely sophisticated type of malware designed specifically to steal banking and other credentials from the computers it infects. It’s predominately spread through spam e-mail or phishing messages.

Unbeknownst to their rightful owners, the infected computers become part of a global network of compromised computers known as a botnet—a powerful online tool that cyber criminals can use for their own nefarious purposes. In the case of GameOver Zeus, its primary purpose is to capture banking credentials from infected computers, then use those credentials to initiate or re-direct wire transfers to accounts overseas that are controlled by the criminals. Losses attributable to GameOver Zeus are estimated to be more than $100 million.

Unlike earlier Zeus variants, GameOver has a decentralized, peer-to-peer command and control infrastructure rather than centralized points of origin, which means that instructions to the infected computers can come from any of the infected computers, making a takedown of the botnet more difficult. But not impossible.

Officials announced that in addition to the criminal charges in the case, the U.S. obtained civil and criminal court orders in federal court in Pittsburgh authorizing measures to sever communications between the infected computers, re-directing these computers away from criminal servers to substitute servers under the government’s control.

The orders authorize the FBI to identity the IP addresses of the victim computers reaching out to the substitute servers and to provide that information to Computer Emergency Readiness Teams (CERTs) around the world, as well as to Internet service providers and other private sector parties who are able to assist victims in removing GameOver Zeus from their computers.

Important note: No contents of victim communications are captured or accessible in the disruption process.

The GameOver Zeus investigation, according to U.S. Deputy Attorney General James Cole, combined “traditional law enforcement techniques and cutting edge technical measures necessary to combat highly sophisticated cyber schemes targeting our citizens and businesses.”

In a related action announced today, U.S. and foreign law enforcement officials seized Cryptolocker command and control servers. Cryptolocker is a type of ransomware that locks victims’ computer files and demands a fee in return for unlocking them. Computers infected with Cryptolocker are often also infected with GameOver Zeus.

Evgeniy Bogachev, added to the FBI’s Cyber’s Most Wanted list, was identified in court documents as the leader of a gang of cyber criminals based in Russia and the Ukraine responsible for the development and operation of both the GameOver Zeus and Cryptolocker schemes.

The actions to take down GameOver Zeus were truly collaborative. “GameOver Zeus is the most sophisticated botnet the FBI and our allies have ever attempted to disrupt,” said FBI Executive Assistant Director Robert Anderson. “The efforts announced today are a direct result of the effective relationships we have with our partners in the private sector, international law enforcement, and within the U.S. government.”