Latest Gameover Version Is Harder to Remove, Says Sophos
Security company Sophos says its researchers have identified a new version of the Gameover malware that continues to steal online banking credentials and is built to be considerably harder to remove.
Gameover, a Windows Trojan, is a descendant of the ZeuS banking Trojan, whose source code was leaked online in 2011. It differs from other malware built on ZeuS code in that it uses a peer-to-peer network for command and control rather than conventional servers, which makes it far more resistant to takedown attempts.
The latest Gameover is distributed through bulk spam e-mail. The junk messages pose as invoices, and the attachment carries Upatre, a downloader used to install other malware.
Once run, Upatre downloads an obfuscated copy of Gameover onto the infected PC, then decodes and installs the information stealer.
James Wyke, Senior Threat Researcher at SophosLabs UK, explained that once launched, Gameover installs itself in the computer's Application Data folder, along with some binary data specific to that system. Softpedia.com reported this on February 28, 2014.
The new version also loads Necurs, a rootkit, in the form of a kernel driver. If the Trojan does not have administrative rights and the infected computer runs a 32-bit version of Windows, Gameover tries to obtain those rights by exploiting a Windows kernel vulnerability.
If that flaw has been patched, a User Account Control prompt appears when the rootkit is installed, which may arouse suspicion.
If the user confirms the prompt, or the exploit succeeds, the malicious driver begins protecting Gameover and its components.
According to Wyke, the rootkit is largely responsible for making Gameover hard to remove from an infected system, so the end user stays infected for longer while data that the Gameover bot-herders can access keeps being exposed. Nakedsecurity.sophos.com reported this on February 27, 2014.
Sophos believes that in this latest case either the Gameover and Necurs operators have joined forces, or the Gameover controllers have acquired the Necurs code. Whichever has happened, it is bad news, Wyke concludes.
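The two persistence traits described above, an executable dropped under the user's Application Data folder and a kernel driver that protects it, can be triaged from an elevated PowerShell prompt. The script below is an added example written for this page; it is not Sophos' or SPAMfighter's code and contains no Gameover or Necurs indicators (no file, driver or path names from the article are assumed). It lists executables under the roaming and local Application Data folders with their Authenticode status, and lists registered kernel drivers whose image lives outside the system drivers directory or whose signature does not validate.

```powershell
# Added triage script (example, not from the article): surfaces candidates
# for manual review. Heuristics only; nothing here identifies Gameover or
# Necurs specifically.

# 1. Executable files under the user's Application Data folders.
$appDataRoots = @($env:APPDATA, $env:LOCALAPPDATA) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$suspectFiles = foreach ($root in $appDataRoots) {
    Get-ChildItem -LiteralPath $root -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.exe', '.dll', '.sys' } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Path      = $_.FullName
                SizeKB    = [math]::Round($_.Length / 1KB, 1)
                Created   = $_.CreationTime
                Signature = $sig.Status     # Valid, NotSigned, HashMismatch, ...
            }
        }
}

# 2. Registered kernel drivers. Win32_SystemDriver.PathName comes back in
#    several shapes ("\SystemRoot\...", "\??\C:\...", "system32\drivers\..."),
#    so normalise it to a plain absolute path before checking it.
$driverDir = Join-Path $env:SystemRoot 'System32\drivers'

$suspectDrivers = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName } |
    ForEach-Object {
        $path = $_.PathName.Trim('"')
        $path = $path -replace '^\\\?\?\\', ''
        $path = $path -replace '^\\SystemRoot', $env:SystemRoot
        $path = [Environment]::ExpandEnvironmentVariables($path)
        if (-not [IO.Path]::IsPathRooted($path)) {
            $path = Join-Path $env:SystemRoot $path
        }
        $sigStatus = if (Test-Path -LiteralPath $path) {
            (Get-AuthenticodeSignature -FilePath $path).Status
        } else {
            'FileMissing'      # image not on disk: hidden, deleted, or a bad path
        }
        [pscustomobject]@{
            Name      = $_.Name
            State     = $_.State       # Running / Stopped
            StartMode = $_.StartMode   # Boot / System / Auto / Manual / Disabled
            Path      = $path
            Signature = $sigStatus
        }
    } |
    Where-Object { ($_.Path -notlike "$driverDir\*") -or ($_.Signature -ne 'Valid') }

"`n== Executables under Application Data =="
$suspectFiles | Sort-Object Created -Descending | Format-Table -AutoSize

"`n== Kernel drivers outside $driverDir or with non-valid signature =="
$suspectDrivers | Format-Table -AutoSize
```

Two caveats apply. A kernel rootkit of the kind the article describes can hide its own driver and files from user-mode enumeration, so an empty result does not clear the host; an offline scan (booting from clean media) is the reliable check once a machine is suspected. Also, on older Windows versions Get-AuthenticodeSignature may report catalog-signed Microsoft drivers as NotSigned, so treat the signature column as a prompt for review rather than a verdict.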
» SPAMfighter News - 08-03-2014