Zeus Gameover is a malware derived from the Zeus family of malicious software Just like other strains of Zeus, it steals bank credentials and is a loader of the cryptolocker ransomware.
Cybercriminals deploy it in an effort to gather as much financial information from their victims as possible before making their next move. Other than steal financial information from their targets, the bot also acts as a malware loader with the capability of bringing on board other viruses, worms, remote access Trojans (RATS), and such. These capabilities make it the most advanced member of the Zeus family tree.
The Goz gang which is believed to be behind the Gameover Zeus botnet (GOZ), is known to relentlessly monitor infected computers for any attempts at removing the malware, they even correct weakness in the virus in real-time to make it more effective.
What Does The Zeus GameOver Malware Do?
The primary purpose of GOZ is to steal financial information (banking sessions) from unsuspecting victims so that the cyber-criminals behind it can then use the information to perpetrate financial and identity fraud.
As a botnet, the virus is powered by remote servers which issue various commands depending on the objectives of the Goz gang. It is also capable of organizing computers so that they can act together to achieve complex goals such as infecting an entire network with ransomware.
Key Differences ofBetween GameOver Zeus vs. ZeuS
One of the key differences between the Gameover Zeus bot and Zeus is that the latter is older and not as sophisticated as the more recent Gameover Zeus. Zeus, which has not been active for some time now, is not a malware loader, as there is no record of it unleashing ransomware as is the case with GOZ.
Another difference between GOZ and its progenitor is that GOZ is a peer-to-peer (P2P) malware extension that has an extensive P2P architecture. This makes it more difficult to track and to shut it down.
Gameover Zeus Removal Process
It is particularly hard to remove the Gameover Zeus botnet for several reasons. First, the malware has very effective evasive techniques such as staying hidden for extended periods of time. Secondly, because it is a RAT, it can be activated at night when no one is monitoring office computers. Not to mention, the cybercriminals behind the malware are able to mend any weaknesses in their creation in real-time, which is an effective strategy against attempts at detection and removal.
That is why you should consider using a powerful anti-malware such as Outbyte Antivirus if you are certain that your PC has been infected by GOZ. When using the anti-malware solution, run your computer in Safe Mode with Networking, as this will allow you to access network resources that can aid in the removal process. To boot your computer into Safe Mode with Networking, take the following steps:
- Press the Windows logo and go to Settings.
- Select Update & Security > Recovery.
- Under Advanced startup, select Restart now.
- From the Choose an Option screen that appears after your computer restarts, select Troubleshoot > Advanced options > Startup Settings > Restart.
- After your computer restarts, press F5 to select Safe Mode with Networking.
Safe Mode with Networking is a basic Windows state that will limit the Windows OS to its default settings, apps, and configuration. It is ideal for scanning for malware.
After you are done with the anti-malware tool, go ahead and download a PC repair tool. The PC repair tool will delete all the junk files that exist on your computer and in the process scan all the hiding places that the malware entity is relying on. It will also clean your registry entries and remove the ‘hooks’ that GOZ use to maintain an active infection.
After you are done scanning your computer with an antivirus, you still need to activate one or two Windows recovery processes just to be sure that the virus has been removed for good.
The System Restore utility is a Windows recovery process that undoes any changes to your computer’s apps, settings and configuration past a certain restore point. In the case of an infection by GOZ, the ideal restore point is a time when the infection had not taken hold of your PC.
Here is how to use System Restore on a Windows 10 computer:
- On the Windows sign-in screen, press Shift key while selecting Power > Restart.
- On the Choose an Option screen that appears after your computer restarts, select Troubleshoot > Advanced options > System Restore.
- Follow the on-screen directions to complete the system restore process.
Refresh your PC
You can also choose to refresh your computer in which case, the Windows OS will revert to its default state. You don’t have to worry about losing your files as the refresh option allows you to keep them.
Here are the steps to take when refreshing Windows:
- Go to Settings > Change PC settings.
- Click Update and recovery.
- Under Refresh your PC without affecting your files, click Get started.
- Follow the on-screen instructions to complete the process.
How Did the Gameover Zeus (GOZ) Botnet Infect My Computer?
Like most malware entities, GOZ is mostly spread through phishing campaigns. The criminals behind the bot usually send fictitious emails that trick users to click on them. It is that simple action that triggers an infection.
Other known ways in which the malware is spread is through malicious links that are found in unsecure sites. The bot can also be downloaded as part of another software package. So, to keep yourself safe from infection, try not to open emails whose source you are not familiar with. Also, pay extra attention when visiting unsecure sites, don’t click on ads and links if you don’t have to, as these are often the ones that are used to instigate an infection. Finally, if possible, buy rather than a pirated software product, as pirated software and programs are known carriers of various malware, including Gameover Zeus.
If you have any questions, comments or suggestions regarding GOZ, please feel free to use the comment section below.