Menu
The game is not yet over for Gameover Zeus botnet

The game is not yet over for Gameover Zeus botnet

F-Secure's latest Threat Report highlights concerns that the force behind CryptoLocker ransomware was disabled but not destroyed.

If you've ever watched a horror movie, you know the trope where the hero seemingly kills the monster, but as soon as he turns his back to walk away the monster regains consciousness and attacks again with renewed vigor. According to the latest report from F-Secure, that's the sort of scenario we might be looking at with the Gameover Zeus botnet.

Gameover Zeus, or GOZ, is a massive botnet that was effectively knocked out of commission through a concerted multinational effort dubbed "Operation Tovar" involving the U.S. Department of Justice, law enforcement, foreign government agencies, and private security companies. The botnet was the driving force behind CryptoLocker ransomware, which encrypts all the data on the compromised system and demands a ransom payment from the user to purchase the decryption key.

But according to Sean Sullivan, security advisor for F-Secure Labs, All Operation Tovar did was cut off the head of the botnet. The takedown took out the command-and-control structure, but compromised machines remain compromised, and the broader threat is still out there.

"The botnet was disrupted but not completely destroyed," Sullivan says. "Its creator was not arrested, is still at large, and is currently building a new botnet to replace the old."

The concern is that a new command-and-control structure could emerge and continue to leverage the millions of compromised systems. Sullivan also suggests that a future version of GOZ could include some form of "self-destruct" bomb that automatically encrypts or erases all data on compromised PCs in the event the system is unable to communicate with the command-and-control servers within a prescribed period of time.

Gameover Zeus is not the only thing in the F-Secure Threat Report. There are plenty of interesting details like 25 new Mac threat variants, the prevalence of Android malware threats, and the fact that a significant percentage of threats appear to be web-based attacks. Download the F-Secure Threat Report H1 2014 yourself to dive into the details. For more information, you can also watch the F-Secure Labs Threat Report Google Hangouts recording.

Subscribe here for up-to-date channel news

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags U.S. Department of Justicesecurityf-securebotnetmalware

Featured

Slideshows

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

Revealed at a glitzy bash in Sydney at the Ivy Penthouse, the first StorageCraft Partner Awards locally saw the vendor honour its top-performing partners with ASI Solutions, SMBiT Pro, Webroot, ACA Pacific and Soft Solutions New Zealand taking home the top awards. Photos by Maria Stefina.

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards
Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

​Synnex and Lenovo hosted 18 resellers for an action-packed weekend adventure in RotoVegas, taking in white water rafting on the Kaituna River, as well as quad biking and dinner at Stratosfare​, overlooking Lake Rotorua at the top of Mount Ngongotaha​. Photos by Synnex.

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip
Show Comments