Cyber crooks combine new Zeus variant and DDoS attacks

A new variant of the information-stealing Zeus Trojan – dubbed Gameover – is currently being delivered to unsuspecting victims via emails purportedly coming from the National Automated Clearing House Association, the Federal Reserve Bank, or the Federal Deposit Insurance Corporation, warns the FBI.

The fake emails tell the recipients about a problem with their bank account or a recent ACH transaction, and urge them to follow an embedded link in order to clear up the problem. Unfortunately, the link takes the victim to a site hosting the malware.

Once installed (under false pretenses) and run, Gameover begins collecting banking information. Armed with this information, the crooks behind the scheme access the victims’ bank accounts and bleed them dry. While doing this, they also stage a DDoS against the financial institution’s server in order to deflect attention from what they are doing.

“But that’s not the end of the scheme,” says the FBI. “Recent investigations have shown that some of the funds stolen from bank accounts go towards the purchase of precious stones and expensive watches from high-end jewelry stores.”

“The criminals contact these jewelry stores, tell them what they’d like to buy, and promise they will wire the money the next day. So the next day, a person involved in the money laundering aspect of the crime—called a ‘money mule’—comes into the store to pick up the merchandise. After verifying that the money is in the store’s account, the jewelry is turned over to the mule, who then gives the items to the organizers of the scheme or converts them for cash and uses money transfer services to launder the funds.”