A few weeks ago we have praised a multinational effort for the takeover of the Gameover Zeus botnet, one of the most long-lived and dangerous malicious infrastructure composed by a number of compromised computers ranging from 500,000 to 1 million units.
Unfortunately, the experts from Malcovery Security have discovered that the Gameover Zeus botnet is appearing again in the wild, a new improved version has emerged from the underground. Bad actors behind the new Gameover Zeus botnet are using it for malicious spam campaigns with the intent to steal financial information from the infected machines.
Researchers at Malcovery Security spotted a different spam messages masquerading as legitimate emails from banks and financial institutions.
“Today Malcovery’s analysts identified a new Trojan based heavily on the Gameover Zeus binary. It was distributed as the attachment to three spam email templates, utilising the simplest method of infection through which this Trojan is deployed,” “From 9.06am to 9.55am we saw spam messages claiming to be from NatWest. The longest lasting of the spam campaigns was imitating M&T Bank, with a subject of ‘E100 MTB ACHMonitor Event Notification’. That campaign is still ongoing.” states the post published by the company.
The discovery of an improved version of the Gameover Zeus botnet is not a surprise for many security experts who warned law enforcement about the possibility that cybercrime ecosystem will respond to the international takeover with new a new powerful variant and new malicious campaigns.
From technical point of view, experts at Malcovery explained that the new Gameover Zeus botnet has a more resilient control infrastructure. The attacker implemented the Fast Flux is a technique to obfuscate the true location of the command server by building a tiered infrastructure. In the Fast Flux model systems act as proxies to make difficult to track and take down the botnet.
“The malware seems to have traded its peer-to-peer infrastructure for a new Fast Flux hosted C&C strategy,” states the post.
The analysis conducted by the expert confirmed that the new GameOver Zeus trojan share many characteristic with previous version, including the list of “URLs and URL substrings targeted by the malware for Web injects, form-grabs, and other information stealing capabilities.”
The criminals responsible for the distribution of the new GameOver Zeus Botnet will probably use in the next months the infrastructure to spread different variants and type of malicious codes, including banking trojan and ransomware.
Security Affairs – (Gameover Zeus, banking)
Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November…
A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute…
The Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned four Iranian nationals for their…
A cyber attack on Leicester City Council resulted in certain street lights remaining illuminated all…
The National Police Agency in South Korea warns that North Korea-linked threat actors are targeting…
The U.S. Department of State imposed visa restrictions on 13 individuals allegedly linked to the…
This website uses cookies.