Analysis of a new Gameover configuration file obtained by F-Secure shows that the operators of this Trojan have opened hunting season on Italian online banking systems. The updated file lists about a dozen of these systems, including the local services of Deutsche Bank, connections to which the malware is set to monitor. Arab banks were also among the targets.
The experts automated the collection of IP addresses of the P2P modification of ZeuS, known as Gameover, last May. Gameover's distribution area covers North and South America, Western Europe, the CIS, Africa, the Middle East and the Asia-Pacific region. To their surprise, about 10% of infections were in a single country: Italy.
F-Secure's figures are confirmed by statistics from SecureWorks (now part of Dell), given in a thorough study of Gameover that was published last July. According to SecureWorks, Italy accounts for 9.2% of the IP addresses associated with the Trojan and 5.1% of unique bots (the discrepancy arises because the experts recorded dynamic IP addresses). Italy takes 3rd place in the Top 10 countries by number of Gameover infections, after the United States (22.1% of bots, 29.2% of IP addresses) and Germany (7.2% and 4.7%, respectively).
Gameover was identified as a P2P modification of ZeuS last fall, although the botnet built on it was discovered by RSA the year before. According to SecureWorks, this botnet now comprises about 680 thousand infected computers in 226 countries. Gameover spreads through spam sent by the Cutwail botnet. The URLs sent out in the spam emails point to hacked sites that redirect the user to a Blackhole exploit site. When the exploit succeeds, a downloader known as Pony is loaded onto the victim's machine, and it downloads the target binary from a third-party resource.
According to statistics from SecureWorks, from March to July Gameover attacked more than 40 financial institutions, mostly small ones. It has been particularly troublesome for the Americans, and the FBI has repeatedly published warnings about the spam campaigns aimed at spreading the malware, as well as about a special trick used by its operators. To prevent the fraudulent transactions initiated by Gameover from being recalled, the attackers conduct a DDoS attack on the bank's site in parallel.