GameOver Zeus returns to North America and Europe

Security

by Jimmy Nicholls| 12 August 2014

Signs of trojan resurgence in the US, Ukraine and Belarus.

Two variants of the GameOver Zeus (GOZeuS) trojan have been spotted in the wild by security firm Bitdefender.

While one is mostly targeting the US, the other is based primarily in Ukraine and Belarus, based on the number of infected IP addresses contacting the company's sinkholes.

Bitdefender said: "Although there have been multiple domains registered for the botnet targeting US lately, we found none for the botnet targeting Ukraine and Belarus, meaning that no-one is using the bots at this moment.

"However, the botnet could find itself with a new master anytime."

5,000 machines infected by the first strain were found in the US, with around 3,000 infected by the second strain residing in Ukraine or Belarus.

Both versions use a domain generation algorithm (DGA) to create domains active only for a day, making it more difficult for cyber security teams to fight.

At the beginning of June international police took down a GOZeuS botnet run by a gang based between Ukraine and Russia for two weeks, but since then reports have emerged about the return of malware, which also distributes CryptoLocker ransomware.

Comments
Post a comment

Comments may be moderated for spam, obscenities or defamation.

Join our network

754 people like this.
0 people follow this.

Security Intelligence

Buy the latest industry research online today!
See more

Suppliers Directory

Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.