Gameover malware tougher to kill with new rootkit component

IDG News Service – A new variant of the Gameover malware that steals online banking credentials comes with a kernel-level rootkit that makes it significantly harder to remove, according to security researchers from Sophos.

Gameover is a computer Trojan based on the infamous Zeus banking malware whose source code was leaked on the Internet in 2011. Gameover stands apart from other Zeus-based Trojan programs because it uses peer-to-peer technology for command and control instead of traditional servers, making it more resilient to takedown attempts.

At the beginning of February, researchers from security firm Malcovery Security reported that a new variant of Gameover was being distributed as an encrypted .enc file in order to bypass network-level defenses. However, the latest trick from the Gameover authors involves using a kernel rootkit called Necurs to protect the malware’s process from being terminated and its files from being deleted, researchers from Sophos said Thursday in a blog post.

The latest Gameover variant is being distributed through spam emails purporting to come from HSBC France with fake invoices in .zip attachments. These attachments don’t contain the Gameover Trojan program itself, but a malicious downloader program called Upatre which, if run, downloads and installs the banking malware.
