When a group of government agencies shut down the Gameover Zeus trojan last month, they warned others could take its place. Sure enough, it looks like that is happening now, putting users at risk.
Kronos, a malware strain that operates similarly to the now-mostly contained Gameover Zeus, recently debuted on the black market with the hefty asking price of $7,000. (Kronos is the father of Zeus in Greek mythology.)
Since the Gameover Zeus trojan sold for a few hundred dollars, the higher asking price might be the result of the crackdown putting it mostly out of business. The malware also warrants a high asking price because, according to reports, it is able to evade most security researchers and antivirus programs, and it is compatible with Zeus, which is already widely used.
Other malware based on Zeus
In a possibly related attack, Malcovery has discovered several spam emails that contain malware designed to exploit Gameover Zeus botnets. This marks the first time the malware has surfaced since law enforcement officials took down the domains associated with it and Cryptolocker.
This attack appears to be connecting to an IP address registered in China.
While the Department of Justice has emphasized that this is different from the Gameover botnet it was able to shut down, this attack shows the threat goes on. In fact, Gameover attacks have netted $100 million-plus to date.
Cleaning up infections
The best step right now is to check your systems to be sure they don’t have any traces of Gameover Zeus, active or otherwise. This site can help determine whether you’re infected.
As some commenters have pointed out, blocking IP addresses in China may cut down on these attacks. But alerting users to the danger and asking them to report any suspicious activity remains a safe bet as well.