GoZeuS Returns a Month after Authorities Take Measures Against the Malware
Gabriel Roşu / 10 years ago
Though authorities had taken action against the GoZeuS and CryptoLocker malware which stole hundreds of thousands of banking logins from users and blackmail them for millions of pounds, it seems that the malwares are back. A month after the campaign, online criminals seem to have tried to rebuild the sophisticated software named GameOver ZeuS, having researchers warn that new threats using much of the same code are aimed at UK users.
Reports say that the ‘original strain’ of the malware targeted by authorities around the world, including the NSA and the FBI, has been in a decline since the campaign started. However, it appears that criminals are now re-establishing the GameOver botnets by taking the original code and reworking it to avoid detection, much like a biological virus modifies its genetic code in order to survive medicine administered against it.
A security company by the name of Malcovery has stated that the new trojan based on the GameOver Zeus binary is spreading through spam emails, claiming to be from the NatWest bank, coming with an attached statement in the content. Anyone who opens the ‘statement’ are said to risk infection, since traditional anti-virus software cannot detect the malicious software. Also, the CEO of Heimdal Security, Morten Kjærsgaard, states that the heads of the original GoZeuS will try to use lesser-known strains in order to avoid law enforcement agencies detecting it.
“Until we start to see a more clear movement pattern of these new Zeus variants, which are starting to surface, we can’t say anything definitive about their extent,” said Kjærsgaard. “There is no doubt though, that many small malware variants could pose the same financial problem for end users as one big nasty piece of malware.” he added.
While the GameOver Zeus botnet earned more than $100 million for its creators, more infections are likely to take place given the new strains. In June however, US authorities are said to have named Evgeniy Bogachev, a Russian national, as the main suspect behind the original malware.