Gameover ZeuS

GameOver ZeuS is a peer-to-peer botnet based on components from the earlier ZeuS trojan. The malware was created by Russian hacker Evgeniy Mikhailovich Bogachev. It is believed to have been spread through use of the Cutwail botnet. Unlike its predecessor, the ZeuS trojan, Gameover ZeuS uses an encrypted peer-to-peer communication system to communicate between its nodes and its command and control servers, greatly reducing its vulnerability to law enforcement operations, since there is no single server whose seizure disables the network. The algorithm used appears to be modeled on the Kademlia P2P protocol. Its operators control and monitor Gameover ZeuS via command and control (C&C) servers. The trojan establishes the connection to the server as soon as its malicious executable installs on the computer, at which point it can disable certain system processes, download and launch executables, or delete essential system files, making the system unusable. According to a report by Symantec, Gameover ZeuS has largely been used for banking fraud and distribution of the CryptoLocker ransomware. The top infected countries were the US, Italy, the UAE, Japan, India and the UK.


Evgeniy Mikhailovich Bogachev

In early June 2014, the U.S. Department of Justice announced that an international inter-agency collaboration named Operation Tovar had succeeded in temporarily cutting communication between Gameover ZeuS and its command and control servers. This was an effort to shut down Bogachev's criminal infrastructure and liberate computers infected with GameOver ZeuS. "He has been indicted in the United States, accused of creating a sprawling network of virus-infected computers to siphon hundreds of millions of dollars from bank accounts around the world, targeting anyone with enough money worth stealing." In a widely circulated photo, he is pictured holding a domestic Bengal cat.

Bitdefender has identified two Gameover ZeuS variants in the wild, distinguished by the rate of their fallback domain generation: one generates 1,000 domains per day and the other generates 10,000 per day.


FBI Reward

On 24 February 2015, the FBI announced a reward of up to $3 million in exchange for information regarding alleged Russian cybercriminal Evgeniy Mikhailovich Bogachev (also known online as "Slavik", "lucky12345", "Pollingsoon", "Monstr", "IOO" and "Nu11") over his suspected association with Gameover ZeuS. The $3 million reward was the highest ever offered for a cybercriminal until Thursday, 5 December 2019, when the FBI announced a $5 million reward for Maksim Viktorovich Yakubets, leader of the 'Evil Corp' hacker group, for the development and deployment of the Dridex banking trojan.


See also

* Conficker
* Command and control (malware)
* Operation Tovar
* Russian interference in the 2016 United States elections
* Timeline of computer viruses and worms
* Tiny Banker Trojan
* Torpig
* Zeus (malware)
* Zombie (computer science)

