Menu
The Gameover Trojan program is back, with some modifications

The Gameover Trojan program is back, with some modifications

Cybercriminals are trying to ressurect the recently disrupted Gameover Zeus botnet, researchers say

Cybercriminals are trying to create a new botnet based on what is likely a modification of Gameover Zeus, a sophisticated Trojan program whose command-and-control infrastructure was taken over by law enforcement agencies at the beginning of June.

The Gameover Zeus malware is designed to steal log-in credentials, as well as personal and financial information from users when they access banking and other popular websites.

According to the U.S. Federal Bureau of Investigation, which took part in the Gameover botnet takedown, the Trojan program infected more than a million computers globally and led to losses of over US$100 million.

Disrupting the original botnet required special techniques and the assistance of security vendors, because unlike most Trojan programs, which use a limited number of servers and domain names for command and control, Gameover had a peer-to-peer architecture that didn't offer a single point of failure and allowed infected computers to update each other.

The malware also had a backup mechanism that relied on a domain name generation algorithm (DGA) to ensure that computers can receive commands even when they got disconnected from the peer-to-peer network. Through this mechanism the malware generated random-looking domain names at certain time intervals and tried to access them. Attackers were able to predict which domain names the bots will generate on a certain day, and could register one of those domains in advance to issue commands.

On Thursday, more than a month after the takedown, researchers from Malcovery Security spotted several email spam campaigns distributing a Trojan program that appears to be heavily based on the Gameover Zeus binary. The modification no longer relies on a peer-to-peer infrastructure and uses a DGA as the primary command-and-control mechanism.

"Malcovery analysts confirmed with the FBI and Dell SecureWorks that the original GameOver Zeus is still 'locked down'," the Malcovery researchers said Thursday in a blog post. "This new DGA list is not related to the original GameOver Zeus but bears a striking resemblance to the DGA utilized by that Trojan."

In addition to the DGA similarity, the list of URLs and strings used by the new Trojan program to decide what sites to target matches the one used by the old Gameover botnet.

"This discovery indicates that the criminals responsible for GameOver's distribution do not intend to give up on this botnet even after suffering one of the most expansive botnet takeovers/takedowns in history," the Malcovery researchers said.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags online safetysecurityMalcovery Securitymalwarefraud

Slideshows

Top 50 defining moments of the New Zealand channel in 2016

Top 50 defining moments of the New Zealand channel in 2016

Reseller News looks back on a tumultuous 12 months for the New Zealand channel, assessing the fallout from a year of sizeable industry change. Whether it be local or global mergers and acquisitions, distribution deals or job changes, the channel that started the year differs somewhat to the one set to finish it - Reseller News assesses the key moments that made 2016.​

Top 50 defining moments of the New Zealand channel in 2016
​Hewlett Packard Enterprise honours high achieving NZ channel

​Hewlett Packard Enterprise honours high achieving NZ channel

Hewlett Packard Enterprise honoured its top performing Kiwi partners at the second running of its HPE Partner Awards in New Zealand, held at a glitzy ceremony in Auckland. Recognising excellence across eight categories - from distributors to resellers - the tech giant celebrated its first year as a standalone company, following its official split from HP in 2015.

​Hewlett Packard Enterprise honours high achieving NZ channel
Nutanix treats channel partners to Christmas cruise

Nutanix treats channel partners to Christmas cruise

Nutanix recently took to the seas for a Christmas Cruise around Sydney Harbour with its Australia and New Zealand staff, customers and partners to celebrate a stellar year for the vendor. With the sun out, they were all smiles and mingled over drinks and food.

Nutanix treats channel partners to Christmas cruise
Show Comments