Bank-stealing malware returns after US crackdown

Jul 11, 2014
Malicious software used to steal millions from bank accounts has re-emerged a month after US authorities broke up a major hacker network using the scheme, Sydney, July 9, 2012

Malicious software used to steal millions from bank accounts has re-emerged a month after US authorities broke up a major hacker network using the scheme, security researchers say.

The security firm Malcovery said it identified a new trojan based on the Gameover Zeus malware, which officials said infected up to one million computers in 12 countries, and was blamed in the theft of more than $100 million.

"This discovery indicates that the criminals responsible for Gameover's distribution do not intend to give up on this botnet even after suffering one of the most expansive botnet takeovers/takedowns in history," Malcovery said in a blog post Thursday.

By infecting large numbers of computers, the were able to control the devices to steal passwords and send out emails to further spread the infection.

The news came as the Department of Justice said it had made progress in rooting out the malware infections.

In a status report filed in court, officials said that "all or nearly all of the active computers infected with Gameover Zeus have been liberated from the criminals' control and are now communicating exclusively with the substitute server established pursuant to court order."

A blog post by the security firm Emsisoft said the new variant may be harder to combat, because it is using "an evasive technique that allows the botnet to hide its distributive phishing sites behind a constantly shuffling list of infected, proxy computers."

Gameover Zeus, which first appeared in September 2011, stole bank information and other confidential details from victims.

The FBI blamed the Gameover Zeus for the theft of more than $100 million, obtained by using the stolen bank data and then "emptying the victims' and diverting the money to themselves."

The June crackdown also targeted another computer virus, dubbed "Cryptolocker," which appeared in September 2013.

Russian Evgeniy Mikhailovich Bogachev, 30, an alleged administrator of the network, was charged in Pittsburgh, Pennsylvania, with 14 counts including conspiracy, computer hacking, bank fraud and money laundering in the Gameover Zeus and Cryptoblocker schemes.

Explore further: Judge lets US intercept info from hacked computers (Update)

add to favorites email to friend print save as pdf

Related Stories

Judge lets US intercept info from hacked computers (Update)

Jun 03, 2014

The Justice Department can continue to intercept information from 350,000 computers worldwide that are known to be infected with a data-stealing virus being spread by an alleged Russian computer hacker and his conspirators, ...

US disrupts hacking schemes that stole millions

Jun 02, 2014

A band of hackers implanted viruses on hundreds of thousands of computers around the world, secretly seized customer bank information and stole more than $100 million from businesses and consumers, the Justice Department ...

Media shock stories about GameOver Zeus are not helpful

Jun 06, 2014

We need to watch out for headlines like the ones earlier this week warning that people had two weeks to protect themselves from a "powerful computer attack". It can end up scaring people who have little idea ...

Bank account-draining Zeus gets lots of action in 2013

Jun 05, 2013

(Phys.org) —A Trojan program designed to steal money from people's bank accounts has not only been around for years but is now on the rise. A New York Times Bits blog report said it is enjoying a good l ...

Recommended for you

Google made failed bid for Spotify

4 hours ago

Internet titan Google tried last year to buy streaming music service Spotify but backed off for reasons including a whopping price tag, the Wall Street Journal reported on Tuesday.

Thieves got into 1K StubHub accounts

4 hours ago

(AP)—Cyber thieves got into more than 1,000 StubHub customers' accounts and fraudulently bought tickets for events through the online ticket reseller, a law enforcement official and the company said Tuesday.

Putin signs law seen as crimping social media

16 hours ago

President Vladimir Putin on Tuesday signed a law requiring Internet companies to store all personal data of Russian users at data centres in Russia, a move which could chill criticism on foreign social networking ...

User comments : 0