The game is not yet over for Gameover Zeus botnet

The game is not yet over for Gameover Zeus botnet

F-Secure's latest Threat Report highlights concerns that the force behind CryptoLocker ransomware was disabled but not destroyed.

If you've ever watched a horror movie, you know the trope where the hero seemingly kills the monster, but as soon as he turns his back to walk away the monster regains consciousness and attacks again with renewed vigor. According to the latest report from F-Secure, that's the sort of scenario we might be looking at with the Gameover Zeus botnet.

Gameover Zeus, or GOZ, is a massive botnet that was effectively knocked out of commission through a concerted multinational effort dubbed "Operation Tovar" involving the U.S. Department of Justice, law enforcement, foreign government agencies, and private security companies. The botnet was the driving force behind CryptoLocker ransomware, which encrypts all the data on the compromised system and demands a ransom payment from the user to purchase the decryption key.

But according to Sean Sullivan, security advisor for F-Secure Labs, All Operation Tovar did was cut off the head of the botnet. The takedown took out the command-and-control structure, but compromised machines remain compromised, and the broader threat is still out there.

"The botnet was disrupted but not completely destroyed," Sullivan says. "Its creator was not arrested, is still at large, and is currently building a new botnet to replace the old."

The concern is that a new command-and-control structure could emerge and continue to leverage the millions of compromised systems. Sullivan also suggests that a future version of GOZ could include some form of "self-destruct" bomb that automatically encrypts or erases all data on compromised PCs in the event the system is unable to communicate with the command-and-control servers within a prescribed period of time.

Gameover Zeus is not the only thing in the F-Secure Threat Report. There are plenty of interesting details like 25 new Mac threat variants, the prevalence of Android malware threats, and the fact that a significant percentage of threats appear to be web-based attacks. Download the F-Secure Threat Report H1 2014 yourself to dive into the details. For more information, you can also watch the F-Secure Labs Threat Report Google Hangouts recording.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags securitymalwarebotnetf-secureU.S. Department of Justice



Meet the leading customer-centric Microsoft channel partners

Meet the leading customer-centric Microsoft channel partners

Microsoft honoured leading partners across the channel following a year of customer innovation and market growth in New Zealand. The 2018 Microsoft Partner Awards recognised excellence within the context of the end-user, spanning a host of emerging and established providers.

Meet the leading customer-centric Microsoft channel partners
Reseller News launches new-look Awards at 2018 Judges’ Lunch

Reseller News launches new-look Awards at 2018 Judges’ Lunch

Introducing the Reseller News Innovation Awards, launched to the channel at the 2018 Judges’ Lunch in Auckland. With more than 70 judges now part of the voting panel, the new-look awards will reflect the changing dynamics of the channel, recognising excellence across customer value and innovation - spanning start-ups, partners, distributors and vendors.

Reseller News launches new-look Awards at 2018 Judges’ Lunch
Show Comments