Zeus Shines On – The Return of the $100 mn Banking Malware

Posted July 22, 2014
2 min read

The Gameover Zeus malware has returned from the dead in a more resilient form. U.S. authorities had stated as recently as six weeks ago that they had broken up a major criminal network by taking control of the internet infrastructure used by the GameOver Zeus (GOZ) malware and the CryptoLocker ransomware. Even as the Department of Justice claimed progress in weeding out the infection, Zeus struck again.

History of Zeus Malware

Gameover Zeus first appeared in September 2011. Since then, the FBI has held the Gameover Zeus botnet responsible for the theft of more than $100 mn.

Around one million computers worldwide were hijacked into the botnet and used to send spam, distribute further malware and steal online banking credentials. The stolen credentials were then used to divert money from victims’ accounts to accounts controlled by the attackers.

In a bid to catch the alleged mastermind behind GameOver Zeus and the CryptoLocker ransomware operation, the FBI published a “Wanted” poster for Evgeniy Mikhailovich Bogachev, hoping that someone would spot him in public so that he could be captured.

Is Gameover Zeus really back?

Analysts have confirmed with the FBI that the original GameOver Zeus botnet is still “locked down.” The new Trojan is a modified, more resilient build of the GameOver Zeus binary and was spread through spam emails carrying malicious attachments that purported to come from NatWest bank, the packaging company Essentra and M&T Bank. Once the user opens the attachment, the malware begins contacting a set of websites, which serve as its command-and-control channel and hand it instructions.

One security firm stated that the new Trojan could prove harder to deal with because it uses “an evasive technique that allows the botnet to hide its distributive phishing sites behind a constantly shuffling list of infected, proxy computers.” This is the pattern known as fast-flux: the hostnames the malware contacts resolve to a rapidly changing set of compromised hosts that proxy traffic to the real back end, so blocking any individual address achieves little. The new variant is thought to be designed to steal sensitive information such as log-in credentials and financial details.
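As an added example (not part of the original post, and not the security firm’s own method), the following Python sketches how a defender might pick such fast-flux behaviour out of passive-DNS style observations: a hostname that resolves to many addresses, spread across many networks, with short TTLs. The record format, the enrichment of each address with its origin ASN, the thresholds and the sample records are all assumptions constructed for illustration; the addresses use RFC 5737 test networks and the ASNs come from the RFC 5398 documentation range.

```python
"""Fast-flux indicator scoring over passive-DNS style records.

Added example; not code from the original post. Record layout, ASN
enrichment, thresholds and sample data are assumptions for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class DnsAnswer:
    ts: int       # observation time, epoch seconds
    qname: str    # hostname that was resolved
    rdata: str    # IPv4 address returned
    ttl: int      # TTL carried in the answer
    asn: int      # origin ASN of rdata (assumed pre-enriched from a BGP table)


def make_sample() -> List[DnsAnswer]:
    """Constructed sample data, not a real capture.

    'pay-confirm.example' cycles through eight addresses in five ASNs with
    short TTLs over roughly an hour (fast-flux pattern). 'www.example.org'
    alternates between two addresses in a single ASN with an hour-long TTL
    (ordinary round-robin).
    """
    t0 = 1_405_987_200  # 2014-07-22 00:00:00 UTC
    flux = [
        ("192.0.2.17", 64496), ("198.51.100.8", 64497), ("203.0.113.91", 64498),
        ("192.0.2.201", 64496), ("198.51.100.77", 64499), ("203.0.113.3", 64500),
        ("192.0.2.55", 64496), ("198.51.100.130", 64497),
    ]
    records = []
    for i, (ip, asn) in enumerate(flux):
        # a new address about every seven minutes, TTL between 120 s and 300 s
        records.append(DnsAnswer(t0 + i * 420, "pay-confirm.example", ip, 120 + (i % 4) * 60, asn))
    for i in range(4):
        ip = "192.0.2.10" if i % 2 == 0 else "192.0.2.11"
        records.append(DnsAnswer(t0 + i * 900, "www.example.org", ip, 3600, 64510))
    return records


def summarize(answers: Iterable[DnsAnswer]) -> Dict[str, dict]:
    """Per-hostname statistics that fast-flux heuristics typically look at."""
    by_name: Dict[str, List[DnsAnswer]] = defaultdict(list)
    for a in answers:
        by_name[a.qname].append(a)
    out = {}
    for name, recs in by_name.items():
        recs.sort(key=lambda r: r.ts)
        ips = {r.rdata for r in recs}
        span = max(1, recs[-1].ts - recs[0].ts)  # guard a single observation
        out[name] = {
            "observations": len(recs),
            "distinct_ips": len(ips),
            "distinct_asns": len({r.asn for r in recs}),
            # /16 diversity separates scattered infected hosts from one hosting block
            "distinct_slash16": len({".".join(r.rdata.split(".")[:2]) for r in recs}),
            "min_ttl": min(r.ttl for r in recs),
            "span_s": span,
            "ips_per_hour": len(ips) * 3600 / span,
        }
    return out


def is_fast_flux(stats: dict, min_ips: int = 5, min_asns: int = 3, max_ttl: int = 300) -> bool:
    """Heuristic: many addresses, spread across many networks, rotated quickly.

    Thresholds are illustrative assumptions and should be tuned per feed.
    """
    return (stats["distinct_ips"] >= min_ips
            and stats["distinct_asns"] >= min_asns
            and stats["min_ttl"] <= max_ttl)


def flagged_names(answers: Iterable[DnsAnswer]) -> List[str]:
    """Hostnames in the observations that trip the fast-flux heuristic."""
    return sorted(n for n, s in summarize(answers).items() if is_fast_flux(s))


if __name__ == "__main__":
    for name, stats in summarize(make_sample()).items():
        verdict = "FAST-FLUX" if is_fast_flux(stats) else "ok"
        print(f"{name:22s} {verdict:9s} {stats}")
```

The ASN spread is the discriminating signal here: a content delivery network also answers with many addresses and short TTLs, but those addresses sit in one or two operator networks, whereas proxies running on infected home machines land in as many ASNs as there are victims’ ISPs. Whitelist known CDN and round-robin hostnames before acting on a flag, and treat the output as a hunting lead rather than a block decision.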

While it is too early to say whether this new Trojan will be as effective as its predecessor, the fact that it surfaced within a month of the FBI’s takedown operation gives a clear indication of the perpetrators’ intent. They are in no mood to give up a botnet that made their wallets heavier by $100 mn.



Venkatesh Sundar

Venky is an application security technologist who built the new-age web application scanner and cloud WAF, AppTrana, at Indusface as Founding CTO. He currently spends his time driving product roadmap, customer success, growth and technology adoption for US businesses.
