Symantec has spotted a resurgence in use of the Zeus malware following the high-profile international takedown operation against the Gameover Zeus botnet, indicating that the attack tool is still as popular as ever.
Ankit Singh, associate threat analyst at Symantec, said the firm spotted the Zeus use while forensically examining an attack on the AskMen.com site that occurred last week.
“Last week, it was reported that popular web portal AskMen.com was compromised to redirect users to a malicious website that hosted the Nuclear Exploit Kit. Symantec has found during investigations that users were also redirected to the Rig Exploit Kit during this attack,” read the report.
“We found that the Rig Exploit Kit dropped a range of different malware samples, including the Zeus banking Trojan (Trojan.Zbot) and the CryptoDefense ransomware (Trojan.Cryptodefense).”
Singh cited Zeus use as proof that criminals are still interested in the malware, despite ongoing work by law enforcement to combat it.
“In early June, [law enforcement] announced that it took down a significant portion of the Gameover Zeus botnet. This latest incident shows that despite the takedown, attackers still see Zeus as an attractive payload to deliver in their campaigns,” read the report.
The takedown operation saw law enforcement agencies across the globe, including the UK National Crime Agency (NCA), mount a co-ordinated sting operation that temporarily shut down the Gameover Zeus botnet, which was estimated to have enslaved between 500,000 and one million computers at its peak.
The temporary takedown was designed to give victims a window of opportunity to purge the malware from their systems and separate their machines from the botnet’s command-and-control server. The deadline for system administrators and web users to purge their systems passed in June.
The operation was heralded as a success by the UK government, which currently lists combating cyber crime and increasing the region’s cyber defences as a top priority. Experts from the security community told V3 in June that, despite being a positive move, the takedown could lead to more dangerous attacks.
Singh agreed: “Attackers often use the newest exploit kits, as they believe that security software may not yet detect the kits’ activities.”
The Gameover Zeus takedown is one of many initiatives from law enforcement and government agencies to help combat cyber crime.
In June, the UK Government Communications Headquarters (GCHQ) pledged to share cyber threat intelligence and “select” intellectual property with wider industry, in a bid to help protect it from hackers.