THE GAMEOVER ZEUS malware, which was recently the focus of a high-profile takedown operation, has returned in the form of an evolved campaign sending out malicious spam messages.
The evolved campaign was spotted by Malcovery Security, which reported its findings after noticing a number of malicious spam messages masquerading as legitimate emails from banks.
"Today Malcovery's analysts identified a new trojan based heavily on the Gameover Zeus binary," the firm's blog post read. "It was distributed as the attachment to three spam email templates, utilizing the simplest method of infection through which this trojan is deployed."
Malcovery Security said that it saw spam messages claiming to be from Natwest from 9:06am to 9:55am, and that the longest-lasting of the spam campaigns imitated M&T Bank, with a subject of "E100 MTB ACH Monitor Event Notification". This campaign is still ongoing, the firm said.
The end goal of the attacks is reportedly to steal financial information from the victim. However, Malcovery reported that the new Gameover Zeus botnet has a more robust infrastructure that makes it even more difficult to combat than the previous iteration.
"The malware seems to have traded its Peer to Peer Infrastructure for a new Fast Flux hosted command and control (C&C) strategy," the post said.
"This discovery indicates that the criminals responsible for Gameover's distribution do not intend to give up on this botnet even after suffering one of the most expansive botnet takeovers/takedowns in history."
The comeback of the botnet follows a global takedown operation to stop Gameover Zeus in its tracks. Law enforcement agencies across the globe, including the UK National Crime Agency (NCA), temporarily shut down the Gameover Zeus botnet, which was estimated to have enslaved between 500,000 and one million computers at its peak in June.
The NCA announced that an international operation had temporarily weakened the global network of infected computers, providing a particularly strong two-week opportunity for members of the public to rid themselves of the malware and help prevent future infections.
However, later in the same month, the NCA warned users to lock down their systems to protect against Gameover Zeus as well as the Cryptolocker malware variants. It said that UK computer users still had time to protect themselves from the malware threats and that, although the number of infections had decreased, users were still vulnerable to infection.