GameOver Zeus!

OVERVIEW

GameOver Zeus (GOZ), a peer-to-peer (P2P) variant of the Zeus family of bank credential-stealing malware identified in September 2011, uses a decentralized network infrastructure of compromised personal computers and web servers to execute command-and-control. The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ), is releasing this Technical Alert to provide further information about the GameOver Zeus botnet.

DESCRIPTION

GOZ, which is often propagated through spam and phishing messages, is primarily used by cyber criminals to harvest banking information, such as login credentials, from a victim’s computer. Infected systems can also be used to engage in other malicious activities, such as sending spam or participating in distributed denial-of-service (DDoS) attacks. 

Prior variants of the Zeus malware utilized a centralized command and control (C2) botnet infrastructure to execute commands. Centralized C2 servers are routinely tracked and blocked by the security community. GOZ, however, utilizes a P2P network of infected hosts to communicate and distribute data, and employs encryption to evade detection. These peers act as a massive proxy network that is used to propagate binary updates, distribute configuration files, and to send stolen data. Without a single point of failure, the resiliency of GOZ’s P2P infrastructure makes take down efforts more difficult.

Impact

A system infected with GOZ may be employed to send spam, participate in DDoS attacks, and harvest users’ credentials for online services, including banking services.

REMOVAL

This case and operation are ongoing, and we will continue to provide updates as they become available. To stay up to date on the latest developments on the fight against cybercrime, follow the Microsoft Digital Crimes Unit on Facebook and Twitter.

Visit http://support.microsoft.com/gp/cu_sc_virsec_master for detailed instructions on how to remove the GameOver Zeus trojan using malware removal or anti-virus software as quickly as possible.

For any more questions or concerns, Alameda Business Machines is more than happy to assist you. (510) 522-4921

About ABM COMPUTERS

Originally Alameda Typewriter, ABM COMPUTERS has served the entire San Francisco Bay Area with professional, first-rate IT support and computer sales from the same location since 1939. Building on decades of experience, along with a dedicated team, we continue to provide in-shop and on-site standout, services and comprehensive, affordable solutions for all your computing needs.

Posted on June 3, 2014, in Computer Advice. Bookmark the permalink. Leave a comment.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: