Windows 7 Forums

Windows 7: Notorious "Gameover" malware gets itself a kernel-mode rootkit...

04 Mar 2014   #1

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1

Zeus, also known as Zbot, is a malware family that we have written about many times on Naked Security.

We've covered it as plain old Zbot.

We've covered the Citadel variant, which appeared when the original Zbot code was leaked online.

We've even written about the time it pretended to be a Microsoft fix for CryptoLocker, a completely different strain of malware.

Currently, the most widespread Zbot derivative is the Gameover bot, also known as Zeus P2P because of its use of peer-to-peer network connectivity for command and control.

The Gameover gang has been trying new techniques recently: hot on the heels of code to target logged-in users of cloud-based CRM comes the introduction of a kernel-mode rootkit.

The code for this rootkit comes from another notorious malware family known as Necurs.

A Guy


04 Mar 2014   #2

W7 Ultimate 32-bit

quote article;
"This particular strain of Gameover is being delivered through spam messages containing fake invoices."

That's why I tell my neighbour, if he is going to use gmail or live, he should get Thunderbird and go POP3, any email where I don't recognise the sender, I go to 'View' => message source....and read the paths, most spam I get comes through a block of servers. Even if AVG passes it, if it is no one I've done business with or comes from a block of anonymous servers, it gets deleted, unopened, and I restart Thunderbird.
09 Mar 2014   #3

Windows 7 Pro. 64/SP-1

I wonder if the FTC could use this.

Racketeer Influenced and Corrupt Organizations Act - Wikipedia, the free encyclopedia

Under RICO, a person who has committed "at least two acts of racketeering activity" drawn from a list of 35 crimes—27 federal crimes and 8 state crimes—within a 10-year period, if such acts are related in one of four specified ways to an "enterprise," can be charged with racketeering. Those found guilty of racketeering can be fined up to $25,000 and sentenced to 20 years in prison per racketeering count. In addition, the racketeer must forfeit all ill-gotten gains and interest in any business gained through a pattern of "racketeering activity." RICO also permits a private individual harmed by the actions of such racketeers to file a civil suit; if successful, the individual can collect treble damages (damages in triple the amount of actual/compensatory damages).