Forgot your password?
typodupeerror
Security Botnet

New Cridex Malware Copies Tactics From GameOver Zeus 18

Posted by samzenpus
from the imitation-is-the-sincerest-form-of-flattery dept.
Trailrunner7 writes The GameOver Zeus malware had a nice run for itself, making untold millions of dollars for its creators. But it was a run that ended with a multi-continent operation from law enforcement and security researchers to disassemble the infrastructure. Now researchers have identified a new variant of the Cridex malware that has adopted some of the techniques that made GOZ so successful in its day.

Researchers at IBM's X-Force research team have seen a new version of Cridex, which is also known as Bugat and Feodo, using some of the same techniques that GOZ used to such good effect. Specifically, the new strain of malware has adopted GOZ's penchant for using HTML injections, and the researchers say the technique is nearly identical to the way that GOZ handled it.

"There are two possible explanations for this. First, someone from the GOZ group could have moved to the Bugat team. This would not be the first time something like this has happened, which we've witnessed in other cases involving Zeus and Citadel; however, it is not very likely in this case since Bugat and GOZ are essentially competitors, while Zeus and Citadel are closely related. The second and more likely explanation is that the Bugat team could have analyzed and perhaps reversed the GOZ malware before copying the HTML injections that made GOZ so highly profitable for its operators," Etay Maor, a senior fraud prevention strategist at IBM, wrote in an analysis of the new malware.
This discussion has been archived. No new comments can be posted.

New Cridex Malware Copies Tactics From GameOver Zeus

Comments Filter:
  • ... plus a third, in that no lessons were learned from those two.

  • United States 58.4% spam king. China 5.6%. The United States is the leading malware-hosting nation. U.S. hosted 44 percent of all malware. Even the U.S. government is doing it: "After failing to infect targets with malware in spam emails, the U.S. National Security Agency has reportedly turned to Facebook. According to a report by The Intercept, the NSA “disguises itself as a fake Facebook server” to perform “man-in-the-middle” and “man-on-the-side” attacks and spread

"Well, social relevance is a schtick, like mysteries, social relevance, science fiction..." -- Art Spiegelman

Working...