Gameover’s back from the dead? Why law enforcement couldn’t kill it
Submitted by John Zorabedian on
In June, law enforcement in the U.S. knocked out the command and control servers of the Gameover malware that compromised thousands of PCs all around the world.
Gameover, developed by hackers using source code from the Zeus family, was particularly effective at spreading the Cryptolocker ransomware that infected so many people in the U.S. and UK last fall and held their files to ransom.
By knocking out the servers, all the infected PCs in Gameover’s botnet, called bots or zombies, were liberated from Gameover’s control.
Now, a month after the FBI did its best to kill Gamover and knock out Cryptolocker, experts at SophosLabs have spotted a new version of Gameover taking over PCs.
So far the Gameover malware has been spread via spam emails with malicious attachments – the ones Sophos has seen claim to come from your bank and ask you to open your account statement.
We don’t yet know how effective this campaign will be and how many will fall victim to the cybercriminals’ social engineering tricks, but some will undoubtedly be fooled.
According to SophosLabs senior threat researcher James Wyke, who has analyzed the Gameover code, this new version of Gameover is much more stripped down than the last one.
The new Gameover version doesn’t have a rootkit, which makes it harder to remove from your PC. Also, it no longer attempts to reach other infected PCs via a P2P network.
Does that mean this version of Gameover is less dangerous than before?
Possibly. But Gameover will continue to evolve and spread if we don’t take this threat seriously.
You can see more SophosLabs research about Gameover at these links on our Naked Security blog:
Gameover malware returns from the dead
Has CryptoLocker been cracked? Is Gameover over?
Gameover and CryptoLocker revisited – the important lessons we can learn
Want to hear more from Sophos?