Gameover ZeuS

From Wikipedia, the free encyclopedia

Gameover ZeuS is a peer-to-peer botnet based on components from the earlier ZeuS trojan. The malware was created by Russian hacker Evgeniy Mikhailovich Bogachev. It is believed to have been spread through use of the Cutwail botnet.[1]

Unlike its predecessor, the ZeuS trojan, Gameover ZeuS uses an encrypted peer-to-peer communication system to communicate between its nodes and its command and control servers, greatly reducing its vulnerability to law enforcement operations.[1] The algorithm used appears to be modeled on the Kademlia P2P protocol.[2]

Scammers control and monitor Gameover ZeuS via command and control (C&C) servers. The malware connects to the server as soon as its malicious executable is installed on the computer, at which point it can disable certain system processes, download and launch executables, or delete essential system files, making the system unusable.[3]

According to a report by Symantec, Gameover ZeuS has largely been used for banking fraud and distribution of the CryptoLocker ransomware.[4]

The top infected countries were the US, Italy, the UAE, Japan, India and the UK.[5]

Evgeniy Mikhailovich Bogachev

In early June 2014, the U.S. Department of Justice announced that an international inter-agency collaboration named Operation Tovar had succeeded in temporarily cutting communication between Gameover ZeuS and its command and control servers.[6][7] This was an effort to shut down Evgeniy Mikhailovich Bogachev's criminal infrastructure and liberate computers infected with Gameover ZeuS.[8]

"He has been indicted in the United States, accused of creating a sprawling network of virus-infected computers to siphon hundreds of millions of dollars from bank accounts around the world, targeting anyone with enough money worth stealing."[8] In a widely circulated photo, he is pictured holding a domestic Bengal cat.

Bitdefender has identified two Gameover ZeuS variants in the wild: one of them generates 1,000 domains per day and the other generates 10,000 per day.[9]

FBI reward

On 24 February 2015, the FBI announced a reward of up to $3 million in exchange for information regarding alleged Russian cybercriminal Evgeniy Mikhailovich Bogachev (also known online as "Slavik", "lucky12345", "Pollingsoon", "Monstr", "IOO" and "Nu11")[10] over his suspected association with Gameover ZeuS.[11][12]

The FBI reward of $3 million was the highest ever for a cybercriminal[13] until Thursday, 5 December 2019, when the FBI issued a $5 million reward for the leader of the 'Evil Corp' hacker group, Maksim Viktorovich Yakubets, for the development and deployment of the Dridex banking trojan.[14]

References

  1. Brian Krebs (2 June 2014). "'Operation Tovar' Targets 'Gameover' ZeuS Botnet, CryptoLocker Scourge". Krebs on Security. Archived from the original on 4 June 2014. Retrieved 4 June 2014.
  2. Counter Threat Unit™ (CTU) Research Team. "Gameover Zeus re-emerges without peer-to-peer capability". SecureWorks. Archived from the original on 5 March 2016. Retrieved 9 March 2016.
  3. "Zeus Trojan reigns at the top position of the most dangerous malware list". 2-spyware. 14 June 2017. Archived from the original on 10 June 2017. Retrieved 20 June 2017.
  4. "International Takedown Wounds Gameover Zeus Cybercrime Network". Symantec. 2 June 2014. Archived from the original on 4 June 2014. Retrieved 4 June 2014.
  5. "Endpoint Protection - Symantec Enterprise".
  6. John E. Dunn (2 June 2014). "Operation Tovar disconnects Gameover Zeus and CryptoLocker malware - but only for two weeks". TechWorld. Archived from the original on 6 June 2014. Retrieved 4 June 2014.
  7. "U.S. Leads Multi-National Action Against "Gameover Zeus" Botnet and "Cryptolocker" Ransomware, Charges Botnet Administrator". U.S. Department of Justice. 2 June 2014. Archived from the original on 3 September 2014. Retrieved 22 November 2020.
  8. Schwirtz, Michael; Goldstein, Joseph (12 March 2017). "Russian Espionage Piggybacks on a Cybercriminal's Hacking". The New York Times. Archived from the original on 20 August 2018. Retrieved 21 April 2019.
  9. Cosovan, Doina (6 August 2014). "Gameover Zeus Variants Targeting Ukraine, US". BitDefender LABS. Archived from the original on 9 August 2014. Retrieved 9 August 2014.
  10. Gilbert, David (3 June 2014). "Gameover for Slavik - The Cybercrime Kingpin Behind the Zeus Malware. Evgeniy Bogachev unmasked". International Business Times. Archived from the original on 3 June 2014. Retrieved 3 June 2014.
  11. Perez, Evan (24 February 2015). "U.S. puts $3 million reward for Russian cyber criminal". CNN. Archived from the original on 25 February 2015. Retrieved 24 February 2015.
  12. "US offers $3m reward for arrest of Russian hacker Evgeniy Bogachev". BBC News. 24 February 2015. Archived from the original on 9 March 2017. Retrieved 21 June 2018.
  13. Clark Estes, Adam (13 March 2017). "The World's Most Wanted Hacker Sounds Like a Goddamn James Bond Villain". Gizmodo. Gizmodo Media Group. Archived from the original on 21 April 2019. Retrieved 21 April 2019.
  14. "Feds Offer $5M Reward to Nab 'Evil Corp' Dridex Hacker". Archived from the original on 6 December 2019. Retrieved 6 December 2019.