The Lifecycle of Peer-to-Peer (Gameover) ZeuS

The Dell SecureWorks Counter Threat Unit(TM) (CTU) research team continues to monitor the latest advancements to the ZeuS banking Trojan horse malware family. One of the most significant developments since the leak of the ZeuS source code in May 2011 has been the introduction of a private peer-to-peer (P2P) version, first identified in October 2011, which removes the centralized command and control (C2) infrastructure previously required to push configuration files, updates, and collect information harvested from infected computers. Over the past year, CTU researchers have tracked the tools, techniques, and modus operandi of the attackers behind the P2P version of ZeuS, and have gained a comprehensive view into the thriving underground economy.

More Info