AAPL Stock: 118.88 ( + 1.13 )

Printed from

Gameover Zeus resurrected with more robust control server connection

updated 10:07 am EDT, Tue August 19, 2014

New malware not stealing info, passwords; just growing

The Gameover Zeus botnet has re-appeared in stronger form, with most of the infections taking place inside the US. The new botnet implementation doesn't rely on the peer-to-peer methodology of the parent strain, but instead relies on a more flexible, and harder to stop, domain generation algorithm (DGA) to determine how the malware botnet will connect with command-and-control servers.

Arbor Networks researcher Dennis Schwarz said of the DGA that it "uses the current date and a randomly selected starting seed to create a domain name. If the domain doesn't pan out, the seed is incremented and the process is repeated."

At this time, the botnet is growing, and not doing much else. On July 22, a large spam campaign circulated, with the intent of distributing the new malware widely.

"In aggregate and over three weeks, our five sinkholes saw 12,353 unique source IPs from all corners of the globe." said Schwarz. These sinkholes, or avenues to capture traffic coming from the botnet, are collecting a large amount of data on the malware, due to the nature of the DGA. Not all infections are counted, but the company has a good estimate of the spread of the malware based on the data it has.

"Date-based domain generation algorithms make for excellent sinkholing targets due to their predictability, and provides security researchers the ability to estimate the size of botnets that use them," said Schwarz of the way it gathered data on infections. There isn't a widespread spam attack with Zeus going on right now. The researchers say that the malware penetration is dropping, likely due to countermeasures being taken to purge the software from infected systems.

Arbor Networks sees this as just the beginning of the new attacks. "With the infection numbers at a fraction of what they were in the P2P version of Zeus Gameover, how long will the threat actor focus on rebuilding their botnet before they return to focusing on stealing money?" Schwarz asked.

by MacNN Staff



Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines

Follow us on Facebook


Most Popular


Recent Reviews

Ultimate Ears Megaboom Bluetooth Speaker

Ultimate Ears (now owned by Logitech) has found great success in the marketplace with its "Boom" series of Bluetooth speakers, a mod ...

Kinivo URBN Premium Bluetooth Headphones

We love music, and we're willing to bet that you do, too. If you're like us, you probably spend a good portion of your time wearing ...

Jamstik+ MIDI Controller

For a long time the MIDI world has been dominated by keyboard-inspired controllers. Times are changing however, and we are slowly star ...


Most Commented