The Inquirer-Home

Gameover Zeus malware returns stronger than ever

Has returned as an evolved campaign sending malicious spam messages
Fri Jul 11 2014, 12:16

THE GAMEOVER ZEUS malware, which was recently the focus of a high-profile takedown operation, has returned in the form of an evolved campaign sending out malicious spam messages.

The evolved campaign was spotted by Malcovery Security, which reported its findings after noticing a number of malicious spam messages masquerading as legitimate emails from banks.

"Today Malcovery's analysts identified a new trojan based heavily on the Gameover Zeus binary," the firm's blog post read. "It was distributed as the attachment to three spam email templates, utilizing the simplest method of infection through which this trojan is deployed."

Malcovery Security said that it saw spam messages from 9:06am to 9:55am claiming to be from Natwest, with the longest lasting of the spam campaigns imitating M&T Bank, with a subject of "E100 MTB ACH Monitor Event Notification". This campaign is still ongoing, the firm said.

The end goal of the attacks is reportedly to steal financial information from the victim. However, Malcovery reported that the new Gameover Zeus botnet has a more robust infrastructure that makes it even more difficult to combat than the previous iteration.

"The malware seems to have traded its Peer to Peer Infrastructure for a new Fast Flux hosted command and control (C&C) strategy," the post said.

"This discovery indicates that the criminals responsible for Gameover's distribution do not intend to give up on this botnet even after suffering one of the most expansive botnet takeovers/takedowns in history."

The comeback of the botnet follows a global takedown operation to stop Gameover Zeus in its tracks. Law enforcement agencies across the globe, including the UK National Crime Agency (NCA), temporarily shut down the Gameover Zeus botnet, which was estimated to have enslaved between 500,000 and one million computers at its peak in June.

The NCA announced that an international operation had temporarily weakened the global network of infected computers, providing a particularly strong two-week opportunity for members of the public to rid themselves of the malware and help prevent future infections.

However, later in the same month, the UK National Crime Agency (NCA) warned users to lock down their systems to protect against Gameover Zeus as well as the Cryptolocker malware variants. It said that UK computer users still had time to protect themselves from the malware threats and that, although the number of infections had decreased, users were still vulnerable to infection. µ

