Gameover ZeuS

GameOver ZeuS (GOZ), also known as peer-to-peer (P2P) ZeuS, ZeuS3, and GoZeus, is a Trojan horse developed by Russian cybercriminal Evgeniy Bogachev. Created in 2011 as a successor to Jabber Zeus, another project of Bogachev's, the malware is notorious for its use in bank fraud resulting in damages of approximately $100 million, and for being the main vehicle through which the CryptoLocker ransomware attack was conducted, resulting in millions of dollars of losses. At the peak of its activity in 2012 and 2013, between 500,000 and 1 million computers were infected with GameOver ZeuS.

The original GameOver ZeuS was propagated through spam emails containing links to websites that would download the malware onto the victim's computer. The infected computer was then integrated into a botnet, considered to be one of the most sophisticated and secure botnets in the world at the time. The GOZ botnet was particularly notable for its decentralized, peer-to-peer infrastructure, which, combined with other security measures such as rootkits, made shutting down the botnet extremely difficult. The botnet's activities were additionally directed by an organized crime group headed by Bogachev, which was primarily based in Russia and Eastern Europe. The syndicate further complicated attempts by law enforcement and security researchers to combat it by operating a large money laundering network and by launching DDoS attacks, which served both as retaliation and as a distraction while thefts were in progress.

In 2014, the original GameOver ZeuS botnet was shut down by a collaboration between several countries' law enforcement and private cybersecurity firms, named Operation Tovar. Bogachev was indicted shortly after and a reward of $3 million was issued for information leading to his arrest, at the time the highest reward for a cybercriminal in history. Less than two months after Operation Tovar was executed, a new strain of GameOver ZeuS was discovered. Named "newGOZ", it lacked peer-to-peer capabilities but otherwise shared ninety percent of its codebase with the original GOZ. The involvement of the original GameOver ZeuS administrators in newGOZ's activity since its creation is disputed.

Zeus is a family of Trojan horses and related crimeware which first appeared in 2007. The chief characteristic of Zeus variants is their ability to integrate infected machines into botnets, systems of multiple devices that could be controlled remotely through the malware.

The creator and main developer of the original Zeus was Evgeniy Bogachev, also known as "lucky12345" and "slavik". The original version of Zeus was "kit malware"—a prospective cybercriminal would purchase a license to use a copy of Zeus or obtain an inferior, free version. With the license, the purchaser could use Zeus to build their own Trojan, which they could use as they pleased. In late 2010, Bogachev announced that he was retiring from cybercrime and handing over Zeus's code to a competitor called SpyEye. Security researchers viewed the move with skepticism, as Bogachev had on multiple previous occasions announced his retirement only to return with an improved version of Zeus. In fact, Bogachev had not retired, but had transitioned from selling Zeus as kit malware to the general criminal underground to selling access to fully completed versions of the Trojan to a narrower clientele. This "private" version of Zeus became known as Zeus 2.1, or Jabber Zeus. Jabber Zeus-facilitated crimes were run by an organized crime syndicate, of which Bogachev was a key member, which largely dissolved in 2010 due to police action.

GameOver ZeuS was created on September 11, 2011, as an update to Zeus 2.1. In May 2011, the source code for Zeus was leaked, resulting in a proliferation of variants. Security researchers have variously attributed the leak to Bogachev or Aleksandr Panin, the creator of SpyEye. Cybersecurity advisor Sean Sullivan noted that the leak was convenient for Bogachev, who could refocus on new criminal ventures whilst investigators were distracted by the new Zeus variants.

Researchers became aware of the GameOver ZeuS botnet in 2011. In January 2012, the FBI issued warnings to companies instructing them to look out for GOZ. The name "GameOver ZeuS" was coined by security researchers and comes from a file named "gameover2.php" used by its command-and-control (C2) channel. Other names have included peer-to-peer ZeuS, ZeuS3, and GoZeus. The malware was known within Bogachev's crime network as Mapp 13, "13" being the version number.

GameOver ZeuS was spread using spam emails impersonating various groups such as online retailers, financial institutions, and cell phone companies. The emails would contain a link to a compromised website from which the malware was downloaded. These spam emails were sent via a different botnet, Cutwail, that was frequently rented out by cybercriminals to send spam.
