Unlike Team Fortress 2 or Doom, two of the most popular PC games of all time, GameOver ZeuS is not a game you can buy online or would willingly download onto your computer.
What is GameOver ZeuS?
While we’ve talked about banking Trojans before, none have been as detrimental to users as the GameOver ZeuS or GOZ Trojan, which initially began infecting users in 2012. GameOver ZeuS is designed to capture banking credentials from infected computers and make wire transfers to criminal accounts overseas. It was allegedly authored by Russian hacker Evgeniy Bogachev, who then implanted it on computers all around the world, building a network of infected machines – or bots – that his crime syndicate could control from anywhere.
It’s predominantly spread through spam e-mail or phishing messages. So far, it’s estimated to have scammed people out of hundreds of millions of dollars, and it’s only getting worse.
It doesn’t stop there: GameOver ZeuS can also be modified by hackers to load different kinds of Trojans onto it. One such Trojan is a ransomware called CryptoLocker, a devastating piece of malware that locks a user’s most precious files by encrypting them until he or she pays the hacker a ransom.
In June 2014, the FBI, Europol, and the UK’s National Crime Agency announced that they had been working closely with various security firms and academic researchers around the world and had taken action under a program dubbed “Operation Tovar.” This initiative temporarily disrupted the system that was spreading the Trojan, pausing the infection of additional computers. However, computers that were already infected remained at risk, as they were still compromised.
The disruption of the GameOver ZeuS botnet was a great success in many ways, but it’s not over. Our security advisor, Sean Sullivan, worries that this temporary disruption was actually more dangerous than completely taking it down.
“Without arresting Bogachev, GameOver ZeuS is still a huge threat and likely to evolve to become more dangerous. The hackers can just as easily program a future version of the Trojan to initiate a ‘self-destruct’ order (like destroy every file on a computer) if the ransom isn’t paid, or if authorities try to intervene.”
What can we do to protect our digital freedom?
For more information on how this powerful Trojan works and how it is spread, check out this video.
Have more questions? Ask us here on the blog.