Gameover's Latest Version Is Tough to Remove, Says Sophos

Security company Sophos says its researchers have identified a fresh version of the Gameover malicious program, which continues to steal Internet banking credentials and is programmed to be considerably more difficult to remove.

Gameover, a PC Trojan, is an incarnation of the ZeuS banker Trojan, whose source code was exposed online during 2011. It differs from other malicious software built on ZeuS in that it uses a peer-to-peer (P2P) mechanism for command and control rather than conventional servers; consequently, it is highly resistant to shutdown efforts.

The latest Gameover is spread through bulk unsolicited e-mails. These junk messages pose as invoices. An attachment in the e-mails carries Upatre, an installer malware.

Once run, Upatre downloads a disguised copy of Gameover to the infected PC, then unscrambles and installs the info-stealer.

James Wyke, Senior Threat Researcher at SophosLabs UK, explained that once launched, Gameover places itself in the computer's Application Data folder, along with some binary data specific to the system. Softpedia.com published this on February 28, 2014.

The latest version of Gameover also loads Necurs, a rootkit in the form of a kernel driver. If the Trojan has no administrative rights and the infected computer is a 32-bit system, Gameover acquires these rights by exploiting a kernel flaw in Windows.

If the flaw has been fixed, however, a User Account Control prompt is displayed when the rootkit is installed, which raises suspicion.

If the execution is confirmed at that prompt, or if the exploit succeeds, the malicious driver begins protecting Gameover and its components.

According to Wyke, the rootkit is largely responsible for the difficulty of removing Gameover from an infected system; consequently, the end-user remains infected for a long time, with their data exposed to the Gameover bot-herders. Nakedsecurity.sophos.com reported this on February 27, 2014.

Sophos thinks that in this latest case, perhaps the Gameover and Necurs operators have come together, or alternatively the Gameover controllers have acquired Necurs' code. In any case, whatever has happened is undesirable, concludes Wyke.

» SPAMfighter News - 3/8/2014
