
Gameover Zeus resurrected with more robust control server connection

updated 10:07 am EDT, Tue August 19, 2014

New malware not stealing info, passwords; just growing

The Gameover Zeus botnet has re-appeared in stronger form, with most of the infections taking place inside the US. The new botnet implementation doesn't rely on the peer-to-peer methodology of the parent strain, but instead relies on a more flexible, and harder to stop, domain generation algorithm (DGA) to determine how infected machines will locate and connect to command-and-control servers.

Arbor Networks researcher Dennis Schwarz said of the DGA that it "uses the current date and a randomly selected starting seed to create a domain name. If the domain doesn't pan out, the seed is incremented and the process is repeated."

At this time, the botnet is growing, and not doing much else. On July 22, a large spam campaign circulated, with the intent of distributing the new malware widely.

"In aggregate and over three weeks, our five sinkholes saw 12,353 unique source IPs from all corners of the globe," said Schwarz. These sinkholes, servers that answer for predicted botnet domains so that traffic from infected machines is captured, are collecting a large amount of data on the malware because the DGA's output can be predicted in advance. Not every infection is counted, but the company has a good estimate of the malware's spread based on the data it has.

"Date-based domain generation algorithms make for excellent sinkholing targets due to their predictability, and provide security researchers the ability to estimate the size of botnets that use them," said Schwarz of the way the company gathered data on infections. There isn't a widespread spam attack with Zeus going on right now. The researchers say that the malware's penetration is dropping, likely because countermeasures are being taken to purge the software from infected systems.
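To show why a date-seeded DGA of the kind Schwarz describes is predictable enough to sinkhole, here is an added Python example (not Arbor's code and not the actual Gameover Zeus algorithm): a hypothetical DGA that combines the current date with a starting seed and increments the seed per attempt, beside the defender side that precomputes the day's whole candidate set and matches it against constructed DNS query logs. The hash function, label length, TLD list, seed range and log format are all assumptions.

```python
import hashlib
from datetime import date

# Hypothetical DGA (NOT the real Gameover Zeus one): date + seed -> domain.
TLDS = ("com", "net", "org", "biz")  # assumed TLD list

def gen_domain(day: date, seed: int) -> str:
    """Deterministic: anyone who knows the scheme can reproduce the domain."""
    digest = hashlib.sha256(f"{day.isoformat()}:{seed}".encode()).digest()
    label = "".join(chr(ord("a") + b % 26) for b in digest[:12])
    return f"{label}.{TLDS[digest[12] % len(TLDS)]}"

def bot_candidates(day: date, start_seed: int, tries: int) -> list:
    """The sequence an infected host walks: random starting seed, then the
    seed is incremented after each domain that does not pan out."""
    return [gen_domain(day, start_seed + i) for i in range(tries)]

def sinkhole_set(day: date, seed_space: int) -> set:
    """Defender side: precompute every domain the DGA can yield on one day over
    the assumed seed range, i.e. the names to sinkhole or alert on."""
    return {gen_domain(day, s) for s in range(seed_space)}

def match_dns_log(log_lines, candidates) -> list:
    """Return (client_ip, qname) for each query that hits a DGA candidate.
    Expected line format: '<timestamp> <client_ip> <qname> <rrtype>'."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # malformed line, skip
        qname = parts[2].rstrip(".").lower()
        if qname in candidates:
            hits.append((parts[1], qname))
    return hits

DAY = date(2014, 8, 19)
SEED_SPACE = 1000  # assumed size of the seed range the defender enumerates

# Constructed DNS query log: one host tries the first two domains of the
# sequence starting at seed 42; a second host only queries a benign name.
SAMPLE_LOG = [
    f"2014-08-19T10:07:00 192.0.2.10 {gen_domain(DAY, 42)}. A",
    f"2014-08-19T10:07:01 192.0.2.10 {gen_domain(DAY, 43)}. A",
    "2014-08-19T10:07:02 192.0.2.11 www.example.com. A",
]

def infected_clients(day=DAY, seed_space=SEED_SPACE, log=SAMPLE_LOG) -> list:
    """Sorted unique client IPs whose queries matched the day's candidate set."""
    return sorted({ip for ip, _ in match_dns_log(log, sinkhole_set(day, seed_space))})
```

The same precomputed set, registered ahead of time, is what lets a sinkhole count unique source IPs the way the article describes.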

Arbor Networks sees this as just the beginning of the new attacks. "With the infection numbers at a fraction of what they were in the P2P version of Zeus Gameover, how long will the threat actor focus on rebuilding their botnet before they return to focusing on stealing money?" Schwarz asked.

by MacNN Staff
