
Gameover ZeuS is a peer-to-peer botnet based on components from the earlier ZeuS trojan. It is believed to have been spread through use of the Cutwail botnet.[1]

Unlike its predecessor, the ZeuS trojan, Gameover ZeuS uses an encrypted peer-to-peer communication system to communicate between its nodes and its command and control servers, greatly reducing its vulnerability to law enforcement operations.[1] The algorithm used appears to be modeled on the Kademlia P2P protocol.[2]

Scammers control and monitor Gameover ZeuS via a command and control (C&C) server. The virus establishes a connection to the server as soon as its malicious executable installs on the computer, at which point it can disable certain system processes, download and launch executables, or even delete essential system files, easily bricking the device.[3]

According to a report by Symantec, Gameover ZeuS has largely been used for banking fraud and distribution of the CryptoLocker ransomware.[4]

In early June 2014, the U.S. Department of Justice announced that an international inter-agency collaboration named Operation Tovar had succeeded in temporarily cutting communication between Gameover ZeuS and its command and control servers.[5][6]

On 24 February 2015, the FBI announced a reward of up to $3 million in exchange for information regarding alleged Russian cyber criminal Evgeniy Mikhailovich Bogachev (known online aliases: «Slavik», «lucky12345», «Pollingsoon», «Monstr», «IOO» and «Nu11»[7]) over his suspected association with Gameover ZeuS.[8][9]

Bitdefender has identified two Gameover ZeuS variants in the wild: one of them generates 1,000 domains per day and the other generates 10,000 per day.[10]

References

  1. Brian Krebs (2 June 2014). "'Operation Tovar' Targets 'Gameover' ZeuS Botnet, CryptoLocker Scourge". Krebs on Security.
  2. Counter Threat Unit™ (CTU) Research Team. "Gameover Zeus re-emerges without peer-to-peer capability". Secureworks.com. SecureWorks. Retrieved 9 March 2016.
  3. "Zeus Trojan reigns at the top position of the most dangerous malware list". 2-spyware. 14 June 2017.
  4. "International Takedown Wounds Gameover Zeus Cybercrime Network". Symantec. 2 June 2014.
  5. John E. Dunn (2 June 2014). "Operation Tovar disconnects Gameover Zeus and CryptoLocker malware - but only for two weeks". TechWorld.
  6. "U.S. Leads Multi-National Action Against 'Gameover Zeus' Botnet and 'Cryptolocker' Ransomware, Charges Botnet Administrator". U.S. Department of Justice. 2 June 2014.
  7. Gilbert, David. "Gameover for Slavik - The Cybercrime Kingpin Behind the Zeus Malware. Evgeniy Bogachev unmasked". International Business Times. Retrieved 3 June 2014.
  8. Perez, Evan. "U.S. puts $3 million reward for Russian cyber criminal". CNN. Retrieved 24 February 2015.
  9. "US offers $3m reward for arrest of Russian hacker Evgeniy Bogachev". BBC.
  10. Cosovan, Doina (6 August 2014). "Gameover Zeus Variants Targeting Ukraine, US". BitDefender LABS.