The GameOver ZeuS malware has reportedly come back “from the dead” this week–days after it was reported that authorities took control of infrastructure that was impacted by it.
The malware hijacked more than 1 million computers across the world and was used to disseminate spam and launch malware attacks. It was also used to coordinate attacks to steal banking credentials.
According to Graham Clulely, a security blogger, “Researchers at Malcovery Security say that they have intercepted a new version of the banking Trojan horse that has been distributed via malicious spam campaigns, disguised as messages from the NatWest bank, the Essentra packing company, and M&T Bank.”
He adds: “Time will tell if new versions of the malware will be as successful as those that have gone before it – we can only hope that users are getting smarter about keeping their computers properly protected.”
Malcovery said last week that the “new trojan” is based on the GameOver Zeus binary, and it was distributed via spam e-mail templates.
The e-mails purport to be from M&T Bank, Essentra PastDue, and NatWest, but this could be subjected to change.
“Malcovery was able to identify a number of the command-and-control hosts believed to be involved in this attempt to revive the GameOver botnet. Following contact with any of these hosts, the malware began to exhibit behaviors characteristic of the GameOver trojan—including the characteristic list of URLs and URL substrings targeted by the malware for Web injects, form-grabs, and other information stealing capabilities,” the firm said in a statement.