GameOver Zeus malware returns from the dead

Zeus Last month, the authorities announced that they had inflicted a serious blow against cybercrime, by seizing control of a large amount of the internet infrastructure being used by the GameOver Zeus (GOZ) malware and CryptoLocker ransomware threats.

Having hijacked up to one million computers around the world to send spam, launch malware attacks and steal banking credentials, the GameOverZeus gang is thought to have caused $100 million worth of losses since September 2011.

The FBI even published a “Wanted Poster” of Evgeniy Mikhailovich Bogachev, the alleged mastermind of the GameOver Zeus gang and keen Black Sea sailor, in the hope that a member of the public might be able to help track him down.

Bogachev mugshot

Sign up to our free newsletter.
Security news, advice, and tips.

So, you might imagine that we don’t have to worry about GameOver Zeus any more.

But you would be wrong.

Researchers at Malcovery Security say that they have intercepted a new version of the banking Trojan horse that has been distributed via malicious spam campaigns, disguised as messages from the NatWest bank, the Essentra packing company, and M&T Bank.

Malicious email

Did any of us really believe that the cybercriminals would roll over an give up because of the GameOver Zeus takedown? If so, we were guilty of wild optimism.

When online criminals see their income stream disrupted they aren’t likely to suddenly change their spots and take the road of legitimate lawful business. Inevitably they will try to find ways to still steal money from innocent computer users.

Sadly I’m not surprised to see this new incarnation of GameOver Zeus being spread. It may use a different domain generation algorithm, as Malcovery describes, in response to the authorities’ takedown, but it is clearly heavily influenced by its predecessor.

Time will tell if new versions of the malware will be as successful as those that have gone before it – we can only hope that users are getting smarter about keeping their computers properly protected.

Learn more about the threat by reading the article by Malcovery’s research team.

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.


Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.