Back in June, the United States Department of Justice and other law enforcement authorities took over the Gameover Zeus botnet network in a massive crackdown. At the time, the network consisted of up to a million infected computers. Now, security experts claim that cybercriminal groups are working to rebuild the botnet from scratch.
While other forms of cybercrime never had the chance to regain momentum after a comprehensive takedown by authorities, the Gameover Zeus rebuilding effort has shown some successful trials, according to security experts. These botnets are responsible for the wave of spam messages that hits our inboxes.
What could contribute to this success is the fact that the first Gameover Zeus botnet was created from a modified version of the Zeus Trojan. The creators of Gameover Zeus then built a command-and-control server with a peer-to-peer infrastructure in order to make the botnet resilient to takedown attempts.
That is why, a few months after the botnet network was busted, security researchers spotted a fresh variant of Gameover Zeus in the wild, marking the return of something most in the security community believed had gone away forever. This time, the variant is said to use various domain names instead of a peer-to-peer command-and-control architecture.
The domain generation algorithm seen in use produces thousands of new, random domain names at a time and uses them to communicate with the botnets. Knowing how the domain generation algorithm operates, hackers are able to anticipate the domain names that a particular piece of malware will contact at a given time, identifying that computer in advance and assigning a certain server to contact it before the infection is carried out.
In this case, security experts will have a hard time stopping this network of botnets from rising again, since unique domains are generated each time and the process continues for as long as necessary. The exception is if the algorithm is cracked, which is improbable. If that can be done, however, researchers will be able to determine the total number of infected computers.
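The counting step described above, as an added example that is not from the original article: once a domain generation algorithm is known, a defender can precompute each day's domains and count the distinct clients that query them. `toy_dga` is a constructed stand-in, not the Gameover Zeus algorithm, and the log format, function names and sample lines are assumptions made for illustration.

```python
import hashlib
from datetime import date

TLDS = ("com", "net", "org", "biz")  # assumption: illustrative TLD list

def toy_dga(day, count=1000):
    """Constructed date-seeded generator (NOT the Gameover Zeus algorithm)."""
    domains = set()
    for i in range(count):
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).digest()
        label = "".join(chr(ord("a") + b % 26) for b in digest[:14])
        domains.add(f"{label}.{TLDS[digest[14] % len(TLDS)]}")
    return domains

def infected_clients(log_lines, count=1000):
    """Return client IPs that queried a domain predicted for the query's date.

    Assumed log format: '<ISO timestamp> <client IP> <queried name>'.
    """
    predicted = {}  # one precomputed domain set per day seen in the log
    hits = set()
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines instead of failing the whole run
        ts, client, qname = parts
        try:
            day = date.fromisoformat(ts[:10])
        except ValueError:
            continue
        if day not in predicted:
            predicted[day] = toy_dga(day, count)
        # DNS names are case-insensitive and may carry a trailing root dot
        if qname.lower().rstrip(".") in predicted[day]:
            hits.add(client)  # a set, so a retrying host is counted once
    return hits

def sample_log():
    """Constructed DNS query log covering two days."""
    a = sorted(toy_dga(date(2014, 7, 14)))[0]
    b = sorted(toy_dga(date(2014, 7, 15)))[0]
    return [
        f"2014-07-14T09:00:01 10.0.0.5 {a}",
        f"2014-07-14T09:00:07 10.0.0.5 {a}",           # same host retrying
        f"2014-07-15T11:30:00 10.0.0.9 {b.upper()}.",  # mixed case, trailing dot
        "2014-07-15T11:32:00 10.0.0.8 www.example.com",  # benign lookup
        "truncated line",
    ]

if __name__ == "__main__":
    print(sorted(infected_clients(sample_log())))
```

Counting by source IP is only an estimate: hosts behind NAT collapse into one address, and hosts whose addresses change are counted more than once.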
Reports had it that two new Gameover Zeus configurations use different domain generation algorithms that create thousands of domain names every day. In mid-July, the number of victims of this botnet grew to as many as 500, and in just a matter of days the number increased to nearly 9,000.
According to reports, the new variant of the Gameover Zeus botnet is still in the process of rebuilding.