Menu
The Gameover Trojan program is back, with some modifications

The Gameover Trojan program is back, with some modifications

Cybercriminals are trying to ressurect the recently disrupted Gameover Zeus botnet, researchers say

Cybercriminals are trying to create a new botnet based on what is likely a modification of Gameover Zeus, a sophisticated Trojan program whose command-and-control infrastructure was taken over by law enforcement agencies at the beginning of June.

The Gameover Zeus malware is designed to steal log-in credentials, as well as personal and financial information from users when they access banking and other popular websites.

According to the U.S. Federal Bureau of Investigation, which took part in the Gameover botnet takedown, the Trojan program infected more than a million computers globally and led to losses of over US$100 million.

Disrupting the original botnet required special techniques and the assistance of security vendors, because unlike most Trojan programs, which use a limited number of servers and domain names for command and control, Gameover had a peer-to-peer architecture that didn't offer a single point of failure and allowed infected computers to update each other.

The malware also had a backup mechanism that relied on a domain name generation algorithm (DGA) to ensure that computers can receive commands even when they got disconnected from the peer-to-peer network. Through this mechanism the malware generated random-looking domain names at certain time intervals and tried to access them. Attackers were able to predict which domain names the bots will generate on a certain day, and could register one of those domains in advance to issue commands.

On Thursday, more than a month after the takedown, researchers from Malcovery Security spotted several email spam campaigns distributing a Trojan program that appears to be heavily based on the Gameover Zeus binary. The modification no longer relies on a peer-to-peer infrastructure and uses a DGA as the primary command-and-control mechanism.

"Malcovery analysts confirmed with the FBI and Dell SecureWorks that the original GameOver Zeus is still 'locked down'," the Malcovery researchers said Thursday in a blog post. "This new DGA list is not related to the original GameOver Zeus but bears a striking resemblance to the DGA utilized by that Trojan."

In addition to the DGA similarity, the list of URLs and strings used by the new Trojan program to decide what sites to target matches the one used by the old Gameover botnet.

"This discovery indicates that the criminals responsible for GameOver's distribution do not intend to give up on this botnet even after suffering one of the most expansive botnet takeovers/takedowns in history," the Malcovery researchers said.

Subscribe here for up-to-date channel news

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags online safetysecurityMalcovery Securitymalwarefraud

Featured

Slideshows

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

Revealed at a glitzy bash in Sydney at the Ivy Penthouse, the first StorageCraft Partner Awards locally saw the vendor honour its top-performing partners with ASI Solutions, SMBiT Pro, Webroot, ACA Pacific and Soft Solutions New Zealand taking home the top awards. Photos by Maria Stefina.

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards
Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

​Synnex and Lenovo hosted 18 resellers for an action-packed weekend adventure in RotoVegas, taking in white water rafting on the Kaituna River, as well as quad biking and dinner at Stratosfare​, overlooking Lake Rotorua at the top of Mount Ngongotaha​. Photos by Synnex.

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip
Show Comments