Researcher traces 'Gameover' malware to maker of Zeus
Cybercrime gang pays dev to build 'private' version of notorious money-stealing malware
Computerworld - The "Gameover" malware that the FBI warned users about earlier this month is a preview of the next version of the even-more-notorious Zeus money-stealing Trojan, a security researcher said today.
"Gameover represents the latest and greatest source code package from the Zeus author," said Don Jackson, senior security researcher with Dell SecureWorks' counter-threat unit. "[New features] in Gameover will be rolled into the final Zeus version 3, which is in beta and will wrap up soon if it hasn't already."
Two weeks ago, the FBI warned of increased activity by Gameover, including rounds of spam that tried to dupe recipients into infecting their PCs with the malware, which, like Zeus, is designed to pillage individuals' and companies' bank accounts.
Jackson, who has been tracking the Zeus malware and its developer for years, said that Gameover posed a new and more dangerous threat because it had been created by the maker of Zeus specifically at the behest of one of his biggest clients.
"The crew using Gameover has requested a lot of changes in the Zeus functionality," said Jackson, adding that the hacker crew using Gameover has direct access to Zeus' maker because it pays him well and often for support.
"The Zeus author now has only three or four major clients," said Jackson. The criminal coder abandoned all his "small fish" to focus on supporting a handful of customers who pay top dollar for his work.
Almost a year ago, Zeus' creator halted development after the software's source code leaked to the Internet. Subsequently, other security researchers noticed that many of Zeus' features were rolled into another crimeware construction kit called SpyEye. Last August, experts at Moscow-based Kaspersky Lab highlighted a botnet dubbed "Ice IX" that was reportedly built atop the older Zeus source code.
Jackson believes that the maker of Zeus decided to turn those events to his advantage.
"He dumped all his small fishes," said Jackson, "which not only takes the heat off him, but also removes him from resellers. It lets him concentrate and focus on what would be next for Zeus."
The additions demanded by the Gameover gang, which the Zeus developer quickly created, included a new, more distributed form of command-and-control (C&C): a peer-to-peer function that lets infected machines keep receiving updates if a botnet's single C&C server is discovered by authorities and taken offline.
Gameover, which Jackson said should be considered a "private version" of Zeus, also supports the use of complex Web injections that allow criminals to bypass multi-factor authentication now used by many financial institutions to stymie account plundering.
And the crew apparently asked for changes to Zeus that would let the gang rent third-party botnets that specialize in conducting distributed denial-of-service (DDoS) attacks, Jackson added.