GameOver Zeus malware returns from the dead

Zeus Last month, the authorities announced that they had inflicted a serious blow against cybercrime, by seizing control of a large amount of the internet infrastructure being used by the GameOver Zeus (GOZ) malware and CryptoLocker ransomware threats.

Having hijacked up to one million computers around the world to send spam, launch malware attacks and steal banking credentials, the GameOverZeus gang is thought to have caused $100 million worth of losses since September 2011.

The FBI even published a “Wanted Poster” of Evgeniy Mikhailovich Bogachev, the alleged mastermind of the GameOver Zeus gang and keen Black Sea sailor, in the hope that a member of the public might be able to help track him down.

Bogachev mugshot

So, you might imagine that we don’t have to worry about GameOver Zeus any more.

But you would be wrong.

Sign up to our free newsletter.
Security news, advice, and tips.

Researchers at Malcovery Security say that they have intercepted a new version of the banking Trojan horse that has been distributed via malicious spam campaigns, disguised as messages from the NatWest bank, the Essentra packing company, and M&T Bank.

Malicious email

Did any of us really believe that the cybercriminals would roll over an give up because of the GameOver Zeus takedown? If so, we were guilty of wild optimism.

When online criminals see their income stream disrupted they aren’t likely to suddenly change their spots and take the road of legitimate lawful business. Inevitably they will try to find ways to still steal money from innocent computer users.

Sadly I’m not surprised to see this new incarnation of GameOver Zeus being spread. It may use a different domain generation algorithm, as Malcovery describes, in response to the authorities’ takedown, but it is clearly heavily influenced by its predecessor.

Time will tell if new versions of the malware will be as successful as those that have gone before it – we can only hope that users are getting smarter about keeping their computers properly protected.

Learn more about the threat by reading the article by Malcovery’s research team.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.