Gameover Zeus most active banking trojan in 2013, researchers report


The most active banking trojan of 2013 was the Gameover variant of Zeus, according to the latest research by the experts with the Dell SecureWorks Counter Threat Unit (CTU).

While Gameover Zeus accounted for 38 percent of banking trojan activity observed by CTU in 2013, Citadel was a close second with 33 percent of activity, and the standard Zeus came in third with 13 percent of activity, according to a report. Runners-up include Shylock, Torpig, Gozi, Bugat, and IceIX, each of which accounted for between two and seven percent of monitored trojan activity.

“It's interesting to see how cyber criminals have been able to operate these botnets for years and have learned to adapt their tactics, techniques, and procedures to evade security products and services,” Brett Stone-Gross, senior security researcher with CTU, told SCMagazine.com in a Wednesday email correspondence. 

The scope of the problem is also noteworthy, Stone-Gross said, explaining that of the 900 financial institutions targeted in more than 65 countries around the globe, the majority were based in the United States. These institutions include everything from commercial banks, credit unions and payroll vendors to social media and dating websites, according to the report.

“U.S. financial institutions have always been a target for financial fraud, since there are many accounts with large sums of money, and not all organizations have enough security protections in place to defend against sophisticated attacks due to a lack of budget and/or security expertise,” Stone-Gross said.

Financial institutions in Germany, Spain, Italy, Canada, France, Australia and the UK were also big targets, according to the report, which added that 2013 saw an increase in targeted organizations in the Middle East, Africa and Asia.

Gameover came on the scene in the middle of 2011 and shares many properties with Zeus, such as logging keystrokes to steal banking credentials, but it also comes packaged with malicious functions that allow it to launch distributed denial-of-service (DDoS) attacks against financial institutions.

Most recently, a variant was discovered that allows Gameover to sneak past perimeter security, including firewalls, web filters and network intrusion detection systems, by disguising itself as an encrypted EXE file.

Speaking on banking threats in 2014, Stone-Gross said that mobile malware will continue to increase in popularity as banks utilize SMS for two-factor authentication.
