Last month, the authorities announced that they had inflicted a serious blow against cybercrime, by seizing control of a large amount of the internet infrastructure being used by the GameOver Zeus (GOZ) malware and CryptoLocker ransomware threats.
Having hijacked up to one million computers around the world to send spam, launch malware attacks and steal banking credentials, the GameOver Zeus gang is thought to have caused $100 million worth of losses since September 2011.
The FBI even published a “Wanted Poster” of Evgeniy Mikhailovich Bogachev, the alleged mastermind of the GameOver Zeus gang and keen Black Sea sailor, in the hope that a member of the public might be able to help track him down.
So, you might imagine that we don’t have to worry about GameOver Zeus any more.
But you would be wrong.
Researchers at Malcovery Security say that they have intercepted a new version of the banking Trojan horse that has been distributed via malicious spam campaigns, disguised as messages from the NatWest bank, the Essentra packing company, and M&T Bank.
Did any of us really believe that the cybercriminals would roll over and give up because of the GameOver Zeus takedown? If so, we were guilty of wild optimism.
When online criminals see their income stream disrupted, they aren’t likely to suddenly change their spots and take the road of legitimate lawful business. Inevitably they will try to find ways to still steal money from innocent computer users.
Sadly I’m not surprised to see this new incarnation of GameOver Zeus being spread. It may use a different domain generation algorithm, as Malcovery describes, in response to the authorities’ takedown, but it is clearly heavily influenced by its predecessor.
Time will tell if new versions of the malware will be as successful as those that have gone before it – we can only hope that users are getting smarter about keeping their computers properly protected.
Learn more about the threat by reading the article by Malcovery’s research team.