Menu
The game is not yet over for Gameover Zeus botnet

The game is not yet over for Gameover Zeus botnet

F-Secure's latest Threat Report highlights concerns that the force behind CryptoLocker ransomware was disabled but not destroyed.

If you've ever watched a horror movie, you know the trope where the hero seemingly kills the monster, but as soon as he turns his back to walk away the monster regains consciousness and attacks again with renewed vigor. According to the latest report from F-Secure, that's the sort of scenario we might be looking at with the Gameover Zeus botnet.

Gameover Zeus, or GOZ, is a massive botnet that was effectively knocked out of commission through a concerted multinational effort dubbed "Operation Tovar" involving the U.S. Department of Justice, law enforcement, foreign government agencies, and private security companies. The botnet was the driving force behind CryptoLocker ransomware, which encrypts all the data on the compromised system and demands a ransom payment from the user to purchase the decryption key.

But according to Sean Sullivan, security advisor for F-Secure Labs, All Operation Tovar did was cut off the head of the botnet. The takedown took out the command-and-control structure, but compromised machines remain compromised, and the broader threat is still out there.

"The botnet was disrupted but not completely destroyed," Sullivan says. "Its creator was not arrested, is still at large, and is currently building a new botnet to replace the old."

The concern is that a new command-and-control structure could emerge and continue to leverage the millions of compromised systems. Sullivan also suggests that a future version of GOZ could include some form of "self-destruct" bomb that automatically encrypts or erases all data on compromised PCs in the event the system is unable to communicate with the command-and-control servers within a prescribed period of time.

Gameover Zeus is not the only thing in the F-Secure Threat Report. There are plenty of interesting details like 25 new Mac threat variants, the prevalence of Android malware threats, and the fact that a significant percentage of threats appear to be web-based attacks. Download the F-Secure Threat Report H1 2014 yourself to dive into the details. For more information, you can also watch the F-Secure Labs Threat Report Google Hangouts recording.


Follow Us

Join the newsletter!

Or
Error: Please check your email address.

Tags securitymalwarebotnetf-secureU.S. Department of Justice

Featured

Slideshows

Bumper channel crowd kicks off first After Hours of 2018

Bumper channel crowd kicks off first After Hours of 2018

After Hours made a welcome return to the channel social calendar with a bumper crowd of partners, distributors and vendors descending on The Jefferson in Auckland to kick-start 2018. Photos by Gino Demeer.

Bumper channel crowd kicks off first After Hours of 2018
Looking back at the top 15 M&A deals in NZ during 2017

Looking back at the top 15 M&A deals in NZ during 2017

In 2017, merger and acquisitions fever reached new heights in New Zealand, with a host of big name deals dominating the headlines. Reseller News recaps the most important transactions of the Kiwi channel during the past 12 months.

Looking back at the top 15 M&A deals in NZ during 2017
Kiwi channel closes 2017 with After Hours

Kiwi channel closes 2017 with After Hours

The channel in New Zealand came together to celebrate the close of 2017, as the final After Hours played out in front of a bumper Auckland crowd.

Kiwi channel closes 2017 with After Hours
Show Comments