Gameover Zeus Decides to TRY AGAIN

try-again-mergedOver one month ago, the FBI coordinated with international authorities in Operation Tovar, to successfully interrupt the criminal botnet of Gameover Zeus. Today, reports indicate that it isn’t Game Over just yet. Early this morning, researchers uncovered a spam campaign using attached zip files containing malware. Upon closer inspection, said malware was found to share 90% of its code base with Gameover Zeus.

There was, however, one big difference. Whereas the original Gameover botnet relied upon P2P, TRY AGAIN Zeus uses fast-flux hosting, an evasive technique that allows the botnet to hide its distributive phishing sites behind a constantly shuffling list of infected, proxy computers. Accordingly, fast-flux will make TRY AGAIN Zeus harder to combat for info sec law enforcement.

As always, those receiving mysterious attachments/links via email related to financial matters are urged not to open them or click. Those running Emsisoft: rest assured, we’ve got your back. And, those seeking further details, look no further than coverage from Mr. Brian Krebs.

Have a Great (Zeus-Free) Day!