“Gameover” malware returns from the dead…
July 14, 2014
In early June 2014, international law enforcement agencies combined to carry out a hugely successful action called Operation Tovar against the cybercrime group behind the malware family known variously as Gameover, Gameover Zeus or GOZ.
The operation was a success, shutting down activity from the Gameover botnet for the past month.
Botnets, don’t forget, are collections of malware-infected computers, individually referred to as bots or zombies, that can be controlled remotely by criminals known as bot-herders or botmasters.
As well as stealing information such as banking passwords from each computer in the botnet, the crooks can also send commands to all the computers in the botnet at the same time, essentially giving them a huge distributed “network cloud” of computing resources.
Botnets can therefore be used to send massive quantities of spam (including spam runs containing email attachments with more malware), to clock up huge numbers of fraudulent but legitimate-looking ad clicks, to carry out online attacks, and more.
Attacks of this sort are hard to block because they originate simultaneously from thousands of innocent-looking computers, so there isn’t a single, obvious source of criminality.
Sadly, it looks as though Gameover is back.
So far, SophosLabs has only seen a few samples of the new version, but it has been distributed through widespread spam campaigns, so the number of infections may already be large.