More Than Half Of Top 20 Fortune 500 Firms Infected With Gameover Zeus Botnet

Published: 22/11/2024   Category: security


Financial botnet has amassed some 680,000 bots



The Gameover Zeus botnet is now the biggest financial fraud botnet around, and it's run by a single cybercrime group out of Eastern Europe, according to new research.

Brett Stone-Gross, senior security researcher with Dell Secureworks, has been closely monitoring the botnet since late April, with his team crawling the peer-to-peer botnet to determine its size and scope, and counted some 678,205 infected bots. He published his overall findings on the inner workings of the botnet last week during Black Hat USA.

"There's one group behind it," Stone-Gross says. "And it's the largest financial botnet out there."

The key to its success, he says, is that it has a huge number of servers that it has compromised, and it rents out the Cutwail spam botnet to deliver its initial payload via phishing emails impersonating legitimate companies, including cellular phone companies, retailers, social networking sites, and financial institutions. "They take a legitimate email and replace a link inside it that sends the victim to one of their compromised websites," he says.

The victims who fall for the email ruses -- invoices, order confirmations, or warnings about unpaid bills -- become part of the peer-to-peer Zeus-based Gameover botnet. "If you click the link, you see the fake loading page, which loads JavaScript from three different compromised sites," Stone-Gross says.

Stone-Gross and his team found some 1.5 million unique IP addresses infected with Gameover, with the U.S. (150,204 bots), Germany (48,853 bots), and Italy (34,361 bots) suffering the most infections. Infections have hit not only the Fortune 500, but also universities, hospitals, financial institutions, defense contractors, government agencies, and law enforcement.

Recent data from LookingGlass Cyber Solutions said that 18 of the 24 largest banks around the world suffer from infamous malware, including Gameover Zeus, DNS Changer, BlackHole Exploit Kit, and fake antivirus.

Dell Secureworks' Stone-Gross says Gameover is all about stealing victims' online credentials and other personal information. Once they are infected and visit their online retailer, for example, it prompts them for information such as Social Security number, mother's maiden name, credit-card number, and date of birth.

"They also track their success of infection, such as which exploits worked," Stone-Gross says.

Gameover also employs the DirtJumper tool to DDoS financial institutions while it steals their customers' funds. It uses a downloader called Pony Loader that downloads the peer-to-peer communication component of Zeus, and steals HTTP, FTP, and email credentials.

"What's interesting about Gameover is that it's a P2P network, and the robustness of the network itself. Each malware sample includes a hard-coded peers list, and the bot tries to reach out to them and request information, configuration files, version information, and binary updates," Stone-Gross says. The architecture has its own failover mechanism, he says.