GameOver Zeus P2P Malware
Posted on 06/02/2014 5:06:15 AM PDT by ShadowAce
GameOver Zeus (GOZ), a peer-to-peer (P2P) variant of the Zeus family of bank credential-stealing malware identified in September 2011 [1], uses a decentralized network infrastructure of compromised personal computers and web servers to execute command-and-control. The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ), is releasing this Technical Alert to provide further information about the GameOver Zeus botnet.
GOZ, which is often propagated through spam and phishing messages, is primarily used by cybercriminals to harvest banking information, such as login credentials, from a victim's computer [2]. Infected systems can also be used to engage in other malicious activities, such as sending spam or participating in distributed denial-of-service (DDoS) attacks.
Prior variants of the Zeus malware utilized a centralized command-and-control (C2) botnet infrastructure to execute commands. Centralized C2 servers are routinely tracked and blocked by the security community [1]. GOZ, however, utilizes a P2P network of infected hosts to communicate and distribute data, and employs encryption to evade detection. These peers act as a massive proxy network that is used to propagate binary updates, distribute configuration files, and send stolen data [3]. Without a single point of failure, the resiliency of GOZ's P2P infrastructure makes takedown efforts more difficult [1].
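The alert above contrasts a centralized C2 server, which defenders can track and block as a single destination, with a P2P network in which every infected host talks to many other infected hosts. That architectural difference is visible in ordinary flow telemetry: one internal source reaching many distinct external peers on non-well-known ports inside a short window. The following Python is an added illustration of that defender-side heuristic and is not part of the DHS/US-CERT alert; the flow records, the 10-minute window, the port cut-off and the peer threshold are all constructed assumptions for the example, not GOZ indicators.

```python
"""Peer fan-out heuristic over flow records (added example, not from the alert).

A host on a P2P botnet contacts many distinct peers on high ports; a host
using an ordinary web service contacts a few servers on well-known ports.
Counting distinct (peer, port) pairs per internal source inside a time
window separates the two patterns in constructed sample data.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, NamedTuple, Set, Tuple

# Ports at or below this value are treated as ordinary services (HTTP, HTTPS,
# DNS, SMTP, ...) and are not counted as peer contacts. Assumed cut-off.
WELL_KNOWN_MAX = 1023

# Constructed flow records for the example. Format per line:
# <ISO timestamp> <src> <dst> <dst_port> <proto>. Destination addresses use
# the RFC 5737 documentation ranges and are not real indicators.
SAMPLE_FLOWS = """\
# 10.0.0.5 browses two web servers: ordinary traffic
2014-06-02T05:00:01 10.0.0.5 192.0.2.10 443 tcp
2014-06-02T05:00:02 10.0.0.5 192.0.2.10 443 tcp
2014-06-02T05:00:03 10.0.0.5 192.0.2.20 80 tcp
# 10.0.0.7 reaches five distinct peers on high UDP ports within seconds
2014-06-02T05:00:04 10.0.0.7 198.51.100.11 24153 udp
2014-06-02T05:00:05 10.0.0.7 198.51.100.12 31077 udp
2014-06-02T05:00:06 10.0.0.7 203.0.113.13 20010 udp
2014-06-02T05:00:07 10.0.0.7 203.0.113.14 29999 udp
2014-06-02T05:00:08 10.0.0.7 198.51.100.15 27000 udp
2014-06-02T05:00:09 10.0.0.7 198.51.100.11 24153 udp
# 10.0.0.9 talks to two alternate-port web services: below threshold
2014-06-02T05:00:10 10.0.0.9 192.0.2.30 8080 tcp
2014-06-02T05:00:11 10.0.0.9 192.0.2.31 8443 tcp
"""


class Flow(NamedTuple):
    ts: datetime
    src: str
    dst: str
    dport: int
    proto: str


def parse_flows(text: str) -> List[Flow]:
    """Parse the whitespace-separated flow format above; skip blanks and '#' comments."""
    flows: List[Flow] = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport, proto = line.split()
        flows.append(Flow(datetime.fromisoformat(ts), src, dst, int(dport), proto))
    return flows


def peer_fanout(flows: Iterable[Flow],
                window: timedelta = timedelta(minutes=10)) -> Dict[str, int]:
    """Return, per source, the largest number of distinct (peer, port) pairs on
    non-well-known ports seen inside any single time window."""
    epoch = datetime(1970, 1, 1)  # naive arithmetic, so no timezone dependence
    buckets: Dict[Tuple[str, int], Set[Tuple[str, int]]] = defaultdict(set)
    for f in flows:
        if f.dport <= WELL_KNOWN_MAX:
            continue
        bucket = int((f.ts - epoch).total_seconds() // window.total_seconds())
        buckets[(f.src, bucket)].add((f.dst, f.dport))
    fanout: Dict[str, int] = defaultdict(int)
    for (src, _), peers in buckets.items():
        fanout[src] = max(fanout[src], len(peers))
    return dict(fanout)


def flag_hosts(flows: Iterable[Flow], min_peers: int = 5,
               window: timedelta = timedelta(minutes=10)) -> List[str]:
    """Sources whose peer fan-out reaches min_peers (assumed threshold), sorted."""
    return sorted(src for src, n in peer_fanout(flows, window).items() if n >= min_peers)


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    for src, n in sorted(peer_fanout(flows).items()):
        print(f"{src}: {n} distinct high-port peers in one window")
    print("review:", flag_hosts(flows))
```

On the constructed data the heuristic reports 10.0.0.7 with five distinct peers and flags it, while the web-browsing host never appears and the host on alternate web ports stays below the threshold. In a real environment the cut-off and threshold need tuning against a baseline, and legitimate high fan-out sources (file-sharing clients, VoIP, games, monitoring systems) should be excluded by allow-listing before an alert is raised; the point of the example is that a decentralized C2 layer cannot hide the many-peer shape of its traffic even when the payloads themselves are encrypted.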
A system infected with GOZ may be employed to send spam, participate in DDoS attacks, and harvest users' credentials for online services, including banking services.
Users are advised to take the following actions to remediate GOZ infections:
http://www.f-secure.com/en/web/home_global/online-scanner (Windows Vista, 7 and 8)
http://www.f-secure.com/en/web/labs_global/removal-tools/-/carousel/view/142 (Windows XP systems)
http://goz.heimdalsecurity.com/ (Microsoft Windows XP, Vista, 7, 8 and 8.1)
http://www.microsoft.com/security/scanner/en-us/default.aspx (Windows 8.1, Windows 8, Windows 7, Windows Vista, and Windows XP)
http://www.sophos.com/VirusRemoval (Windows XP (SP2) and above)
http://www.symantec.com/connect/blogs/international-takedown-wounds-gameover-zeus-cybercrime-network (Windows XP, Windows Vista and Windows 7)
http://www.trendmicro.com/threatdetector (Windows XP, Windows Vista, Windows 7, Windows 8/8.1, Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2)
The above are examples only and do not constitute an exhaustive list. The U.S. Government does not endorse or support any particular product or vendor.
No Linux on that list. Wonder why. heh
This was already “patched” by Symantec last week. The public is always last to know.
It's interesting to me that the reaction of Windows-based systems is to rely on other software to prevent malware, while the Linux community actually patches the OS to prevent it.
Linux has had some malware crop up in the past, but the community/developers always patch the OS--not develop anti-malware software to run and use up cycles.
Well, remember that Windows is designed to be “all-inclusive,” so the kernel is much more open than your run-of-the-mill generic Nix kernel. Microsoft also only patches once a month. I’m updating my Nix machines quite often, depending on Landscape alerts from my Ubuntu clusters.
I hope that is a better utility than Apper is with OpenSUSE. More often than not I have to go into YaST to install a dependency that Apper can't handle.
Landscape is just a “monitor,” if you will. Aptitude is still the installer for Ubuntu.