Alert! Serving Gameover Zeus

  • March 26, 2014


Researchers have discovered a new variant of the financial Trojan Gameover Zeus that specifically targets the worldwide employment website Monster. Users who are infected by this variant are at risk of having their log-in credentials compromised.

How it Works

Gameover Zeus has long been known for its prowess as a financial Trojan. The malware usually spreads through targeted phishing emails, and once installed it can be used to perform fraudulent banking transactions and to connect users to botnets for DDoS attacks.

This new variant of the Trojan uses Man-in-the-Browser techniques to inject a fraudulent sign-in button and form into Monster’s sign-in page.

Users who click the fake sign-in button send their username and password to the attacker. They are then redirected to a form with a series of fake security questions, such as “In what City / Town does your nearest sibling live?” and “What are the last 5 digits / letters of your driver’s license number?”
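An added example, not from the original post or from Emsisoft: one way a site operator could check a rendered sign-in page for the kind of injected button and form described above, by comparing the forms in the page against the ones the site shipped. The baseline, host names, field names and function names are assumptions made for illustration.

```javascript
// Added example: all hosts, field names and snapshots below are constructed.
// Baseline the site operator expects on its sign-in page (assumption).
const BASELINE = {
  origin: "https://login.example.test",
  forms: [{ action: "https://login.example.test/session",
            fields: ["username", "password"], submits: 1 }],
};

// Browser only: reduce the rendered page's forms to plain objects.
function snapshotFromDocument(doc) {
  return Array.from(doc.forms).map((f) => ({
    action: f.getAttribute("action") || "",
    fields: Array.from(f.elements)
      .filter((e) => e.name && e.type !== "submit").map((e) => e.name),
    submits: f.querySelectorAll("button:not([type]),[type=submit]").length,
  }));
}

// Compare observed forms with the baseline; an empty result means no drift.
function auditForms(observed, baseline) {
  const findings = [];
  const known = new Map(baseline.forms.map((f) => [f.action, f]));
  for (const form of observed) {
    let target;
    try {
      target = new URL(form.action, baseline.origin);
    } catch {
      findings.push({ type: "invalid-action", action: form.action });
      continue;
    }
    if (target.origin !== baseline.origin) {
      // Credentials would leave the site: the injected-form case described above.
      findings.push({ type: "foreign-action", action: target.href });
      continue;
    }
    const expected = known.get(target.href);
    if (!expected) {
      findings.push({ type: "unexpected-form", action: target.href });
      continue;
    }
    const extra = form.fields.filter((n) => !expected.fields.includes(n));
    if (extra.length) findings.push({ type: "extra-fields", fields: extra });
    if (form.submits > expected.submits) findings.push({ type: "extra-submit" });
  }
  return findings;
}
```

In a browser, pass `snapshotFromDocument(document)` as `observed`. Code running in the infected browser can also tamper with an in-page check, so treat its findings as one signal alongside server-side checks for unexpected form parameters.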

Why this is a Threat

In 2013, Zeus’s Gameover variant was responsible for approximately one-third of all computerized attacks on financial institutions. Early last year, Zeus was also found connecting to LinkedIn, and just last month it was found circulating Zeus is dangerous because it enables direct, covert theft of funds. In comparison, the collection of user log-in credentials and random facts gathered through fake security questions may seem trivial, but it is not.

Threat Mitigation

Gameover Zeus usually spreads through targeted phishing emails. As such, if an email contains a suspicious attachment, don’t open it. In this regard, hiring managers with active accounts are most at risk because they likely receive numerous emails with attached resumes on a daily basis and likely have a lot of information about a lot of people on their account. Regardless, anyone with a Monster account is at risk.

If you are worried that your computer may be infected by this latest variant, our experts in the “Help, my PC is infected!” Emsisoft Forum are always ready and willing to help. Our removal service is free, even if you are not an Emsisoft customer yet.

Those running Emsisoft Anti-Malware are automatically protected from this threat. Although this is indeed a new variant of Zeus with a new signature, our Behavior Blocking Technology can identify novel threats based on the way they interact with your computer.

Have a Great (Monster Malware-Free) Day!



Freelance writer and security enthusiast based in the USA.
