Gameover Zeus was locked down by the U.S. Department of Justice last month, but it seems a new form of the botnet has been resurrected. The extent of the infection hasn't been determined, but banking and financial institutions remain the targets.
A new trojan has been identified by Malcovery analysts, and it's heavily based on the Gameover Zeus that the U.S. Department of Justice took down just last month. Though complex in nature, the new trojan was distributed in the simplest way a system can be infected: email attachments. Spam messages carrying a .zip attachment were sent to email addresses, and so far Malcovery has discovered three versions of the campaign. All spam messages contained attachments bearing the same file.
With such a close resemblance to the Gameover Zeus botnet, isn't the new trojan just the old one being reanimated? The Justice Department says it's not. "The Justice Department informed the Court that the technical and legal measures undertaken to disrupt Gameover Zeus and Cryptolocker have proven successful, and that significant progress has been made in remediating computers infected with Gameover Zeus," it said in a report to the Supreme Court. All or almost all of the active computers that had been infected by the botnet have also been liberated from the control of the criminals and now communicate exclusively with substitute servers established by the department.
All this trouble began with the original Zeus botnet, which the FBI targeted in 2010. At that time, the malware was being used to capture credentials in secret, which would then be used to access and wipe out the targeted individual's bank accounts. In 2013, it was reported that an Algerian, 24-year-old Hamza Bendelladj, was arrested and the Zeus and EyeSpy malware networks were shut down.
But it didn't stop there. Zeus components reappeared later in the form of Gameover Zeus, an enhanced, better-encrypted version of the botnet that used peer-to-peer communication and was designed to make infections more difficult to track. The Justice Department launched a global collaboration and succeeded in breaking the criminals' control over infected machines. Unfortunately, more than $1 million had already been stolen before Gameover Zeus could be stopped.
What does the Malcovery discovery mean? It shows that the criminal entities behind Gameover Zeus have not completely given up on the botnet and that the threat is still very real.