
Cyber Crime

Bad Actors rebuild from scratch the Gameover Zeus Botnet


Experts at Arbor Networks discovered a new variant of the GameOver Zeus botnet that implements a domain generation algorithm (DGA) scheme.

Recently, law enforcement agencies took down the GameOver Zeus botnet in a multinational effort, but a few weeks later researchers at Seculert spotted a new variant in the wild that implements a domain generation algorithm. Investigators from the FBI and Europol coordinated their activities to seize the servers and domains used by the bad actors; authorities discovered that the same infrastructure was also used to distribute the CryptoLocker ransomware.

Experts at Seculert noticed that the DGA scheme allowed the botnet to grow from 1,000 new bots a week to 1,000 a day on average. According to experts at Arbor Networks, the cybercriminals behind the malicious infrastructure have rebuilt it. As Dave Loftus, security analyst at Arbor Networks, explained, until law enforcement arrests the members of the gang behind the GameOver Zeus botnet, the growth of the malicious network will continue.

GameOver Zeus was involved in financial fraud; the malware is able to steal banking credentials from infected machines.

Thanks to sinkhole analysis, the researchers identified at least 12,353 unique IP addresses worldwide belonging to the new GameOver Zeus botnet.

Between July 18 and July, the experts at Arbor Networks used five sinkholes to collect connections from malicious GameOver Zeus instances worldwide.

“The steady growth of newGOZ demonstrates the resilience of the attackers to keep their botnet active,” said Loftus. “While previous efforts to disrupt the botnet have been successful, these disruptions are usually only temporary. Until law enforcement can successfully prosecute the individuals behind the botnet, we expect the growth of newGOZ to continue well into the future.”

The original GameOver Zeus botnet implemented a peer-to-peer communication protocol that, having no centralized control point, made it hard to detect and more resilient to mitigation by law enforcement and security firms. The new GameOver Zeus no longer uses the P2P protocol but generates a series of domains with a DGA; this makes it easy for the bad actors to quickly rebuild their malicious infrastructure even after law enforcement takes it down.
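To make the two mechanisms in this article concrete, the sinkhole counting of unique infected IPs described above and the reason a DGA lets the operators (and any analyst who recovers the algorithm) regenerate the same domain list, here is an added Python example. It is not code from the article, from Arbor Networks or from any GameOver Zeus sample: the DGA is a deliberately simple illustrative scheme, and the seed "demo-seed", the dates and the DNS log lines are all constructed for the demonstration.

```python
import hashlib
import math
from collections import Counter
from datetime import date, timedelta

# Illustrative DGA for demonstration only; this is NOT the GameOver Zeus algorithm.
TLDS = ("com", "net", "org")


def toy_dga(day: date, seed: str, count: int = 5) -> list[str]:
    """Return `count` domains for `day`, deterministic on (seed, day).

    Every infected host running the same algorithm derives the same list,
    which is why the operators can re-register a few domains and rebuild,
    and also why an analyst who recovers the algorithm and seed can
    precompute the list and sinkhole or block it ahead of time."""
    domains = []
    for i in range(count):
        digest = hashlib.sha256(f"{seed}:{day.isoformat()}:{i}".encode()).hexdigest()
        # map pairs of hex digits onto a-z to build a 12-character label
        label = "".join(chr(ord("a") + int(digest[2 * j:2 * j + 2], 16) % 26) for j in range(12))
        domains.append(f"{label}.{TLDS[i % len(TLDS)]}")
    return domains


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character; random-looking labels score high."""
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def precompute_sinkhole_list(seed: str, start: date, days: int) -> set[str]:
    """Domains an analyst would register or sinkhole for the next `days` days."""
    return {d for k in range(days) for d in toy_dga(start + timedelta(days=k), seed)}


def flag_dns_queries(log_text: str, sinkhole_list: set[str], entropy_threshold: float = 3.0):
    """Parse constructed 'timestamp src_ip qname' lines and return (src_ip, qname, reason).

    reason is 'precomputed' for an exact match against the sinkhole list and
    'high-entropy' for a long, random-looking label that is not on the list."""
    hits = []
    for line in log_text.strip().splitlines():
        _ts, src, qname = line.split()
        qname = qname.lower().rstrip(".")
        label = qname.split(".")[0]
        if qname in sinkhole_list:
            hits.append((src, qname, "precomputed"))
        elif len(label) >= 10 and shannon_entropy(label) >= entropy_threshold:
            hits.append((src, qname, "high-entropy"))
    return hits


def build_sample_log(seed: str = "demo-seed", day: date = date(2014, 7, 21)) -> str:
    """Constructed DNS log: two hosts query generated domains, the rest are benign."""
    gen = toy_dga(day, seed)
    return "\n".join([
        "2014-07-21T10:00:01 10.0.0.5 www.example.com",
        f"2014-07-21T10:00:02 10.0.0.12 {gen[0]}",
        "2014-07-21T10:00:03 10.0.0.7 mail.example.org",
        f"2014-07-21T10:00:04 10.0.0.12 {gen[3]}",
        f"2014-07-21T10:00:05 10.0.0.21 {gen[1]}",
        "2014-07-21T10:00:06 10.0.0.9 update.example.net",
    ])


def infected_hosts(seed: str = "demo-seed", day: date = date(2014, 7, 21)) -> list[str]:
    """Unique source IPs that hit a precomputed domain: the figure a sinkhole count reports."""
    sink = precompute_sinkhole_list(seed, day, 7)
    hits = flag_dns_queries(build_sample_log(seed, day), sink)
    return sorted({src for src, _, reason in hits if reason == "precomputed"})


if __name__ == "__main__":
    print("domains for 2014-07-21:", toy_dga(date(2014, 7, 21), "demo-seed"))
    print("unique infected hosts:", infected_hosts())
```

The counting in `infected_hosts` deduplicates by source address, which is the same reason the 12,353 figure above is a count of unique IPs rather than of connections; one host querying several generated domains is still one bot. The entropy check is only a fallback heuristic for labels not on the precomputed list and will miss short or dictionary-based DGAs.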

“Our sinkhole data reinforces steady growth of new Gameover Zeus since we started tracking the botnet.”

Loftus, referencing data provided by the firm Malcovery, which observed in mid-July that the Cutwail botnet had begun distributing the new GameOver Zeus via spam campaigns, said:

“Our sinkhole data provides a first look at how successful these spam campaigns have been. Between July 21-25, we observed a 1,879 percent increase, confirming that the cybercriminals are actively rebuilding their botnet from scratch.”

Zeus GameOver Infection

Most infections were in the United States and India; the Internet service provider, telecommunications and education sectors were the most affected.

Pierluigi Paganini

(Security Affairs – GameOver Zeus, cybercrime)