Cridex Malware Takes Lesson from Gameover Zeus

Venustus

The GameOver Zeus malware had a nice run for itself, making untold millions of dollars for its creators. But it was a run that ended with a multi-continent operation from law enforcement and security researchers to disassemble the infrastructure. Now researchers have identified a new variant of the Cridex malware that has adopted some of the techniques that made GOZ so successful in its day.

GOZ was one of the more successful pieces of financial malware to appear in recent years, and was used by its creators to perpetrate massive wire fraud schemes around the globe. The malware differed from its older cousin, Zeus, in that it employed a P2P architecture for its command and control infrastructure, something that made it more difficult for authorities and researchers to track and defeat. Although a large joint operation between security researchers and law enforcement agencies in the United States and Europe took down the GOZ infrastructure in June, experts say they have seen definitive signs that GOZ is coming back to life.

In July researchers identified a potential new version of the GOZ malware, and just this week researchers at Arbor Networks said they have evidence that the GOZ botnet is coming back to life. The company has been operating five separate GOZ sinkholes and has seen more than 12,000 unique GOZ-infected IP addresses connecting to the servers. Now, researchers at IBM’s X-Force research team have seen a new version of Cridex, which is also known as Bugat and Feodo, using some of the same techniques that GOZ used to such good effect. Specifically, the new strain of malware has adopted GOZ’s penchant for using HTML injections, and the researchers say the technique is nearly identical to the way that GOZ handled it.
