Zeus - a triumph or a time to panic?

Shadow of hand over computerThinkstock
By Rory Cellan-Jones
Technology correspondent
@BBCRoryCJ

For once, it seemed, the forces of law and order had struck a mighty blow against the cybercriminals who are making the internet so dangerous for many ordinary users.

An international operation led by the FBI had taken control of the GameOver Zeus botnet, a network of captured computers used to steal millions of dollars from individuals and small businesses around the world.

Police agencies, technology companies and internet service providers had all collaborated in the operation, and the seizing of the botnet meant that many of those whose computers had, unbeknown to them, been captured, could be warned and helped to disinfect them. Sure, the criminals were bound to regroup - but for a while at least the threat from the various strains of malware unleashed by the criminals was reduced..

But that was not how the British authorities played it. Even before the FBI's press conference announcing that it had identified the Russian behind the conspiracy, the National Crime Agency put out a press release with the headline: "Two-week opportunity for UK to reduce threat from powerful computer attack".

The NCA urged people to "protect themselves against powerful malicious software (malware), which may be costing UK computer users millions of pounds". In other words, we may have dealt a blow to the criminals, but they will be back and there is now a brief window where you can secure your defences against them.

So for the Americans, the glass was half-full, with the FBI trumpeting a success, while the British saw it as half-empty, with the criminals bound to launch more devastating attacks soon. Now you could see this as a pretty savvy move by the NCA to get us all to think more clearly about our online security.

The trouble was what happened next. The NCA gave no very clear advice to a (no doubt) weary public about how to protect themselves, beyond saying people needed to make sure their computers were up to date and they had security software installed. But the agency did point people to the Get Safe Online site where there were various tools to check whether your computer was infected.`

But very quickly the website collapsed, perhaps under the weight of the traffic, and for many hours it was inaccessible. A massive siren had been set off, people were running in all directions, but nobody was telling them where they should be heading.

Thinkstock

Now the body charged with issuing alerts about cyber threats CERT UK has posted the warning from the NCA. It recommends that "to address GOZ infections" people should use and update anti-virus software, keep operating systems up to date, and use anti-malware tools.

That is obviously good advice at any time, although CERT should make it clear that only computers running Windows software are affected. But the alert also has this message: "Change your passwords - your original passwords may have been compromised during the infection, so you should change them."

This last point is surely completely unrealistic. In the last few months we have had the Heartbleed scare and the eBay hacking incident, and in both cases people have been urged to change all their passwords. I suspect many will have ignored that advice then, and will do the same this time when the threat is less clear.

Now, Gameover Zeus is obviously a vicious piece of malware which has the potential to cost people a lot of money, and it's thought around 15,000 UK computers have been infected. But looking back over the list of CERT alerts, I see no mention of it since the body started its work last September. Surely it would have been better to raise the red flag when the danger was its highest rather than now when it has temporarily been lessened?

This may be rather unkind but why is it that I keep hearing a distant voice from that fine programme Dad's Army? "Don't panic, Mr Mainwaring, don't panic!"