Printed from http://www.electronista.com

Gameover Zeus resurrected with more robust control server connection

updated 10:07 am EDT, Tue August 19, 2014

New malware not stealing info, passwords; just growing

The Gameover Zeus botnet has re-appeared in stronger form, with most of the infections taking place inside the US. The new botnet implementation doesn't rely on the peer-to-peer methodology of the parent strain, but instead relies on a more flexible, and harder to stop, domain generation algorithm (DGA) to determine how the malware botnet will connect with command-and-control servers.

Arbor Networks researcher Dennis Schwarz said of the DGA that it "uses the current date and a randomly selected starting seed to create a domain name. If the domain doesn't pan out, the seed is incremented and the process is repeated."

At this time, the botnet is growing, and not doing much else. On July 22, a large spam campaign circulated, with the intent of distributing the new malware widely.

"In aggregate and over three weeks, our five sinkholes saw 12,353 unique source IPs from all corners of the globe." said Schwarz. These sinkholes, or avenues to capture traffic coming from the botnet, are collecting a large amount of data on the malware, due to the nature of the DGA. Not all infections are counted, but the company has a good estimate of the spread of the malware based on the data it has.

"Date-based domain generation algorithms make for excellent sinkholing targets due to their predictability, and provides security researchers the ability to estimate the size of botnets that use them," said Schwarz of the way it gathered data on infections. There isn't a widespread spam attack with Zeus going on right now. The researchers say that the malware penetration is dropping, likely due to countermeasures being taken to purge the software from infected systems.

Arbor Networks sees this as just the beginning of the new attacks. "With the infection numbers at a fraction of what they were in the P2P version of Zeus Gameover, how long will the threat actor focus on rebuilding their botnet before they return to focusing on stealing money?" Schwarz asked.



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Dell AD211 Bluetooth speaker

For all of the high-priced, over-engineered Bluetooth speakers in the electronics market, there is still room for mass-market solution ...

VisionTek 128GB USB Pocket SSD

USB flash drives dealt the death blow to both the floppy and Zip drives. While still faster than either of the old removable media, sp ...

Kodak PixPro SL10 Smart Lens Camera

Smartphone imagery still widely varies. Large Megapixel counts don't make for a good image, and the optics in some devices are lacking ...

Sponsor

toggle

Most Commented

 
toggle

Popular News