Gameover Zeus

On Monday June 2nd 2014, the US Department of Justice announced an ongoing operation to take down the infamous Gameover Zeus and CryptoLocker cybercrimal botnet infrastructures. “Operation Tovar” is a joint effort between international law enforcement agencies, such as the FBI, UK NCA and Europol/EC3, plus multiple private partners. The actual botnet take over occurred on Friday May 30th 2014 and is still ongoing as an active operation. The Shadowserver Foundation has participated by providing operational infrastructure and gathering data on infected clients for the purposes of victim notification and remediation.

A full description and history of Gameover Zeus can be found on our blog.

You can obtain free nightly reports for your networks by signing up for them here.

Am I infected?

You can check to see if you are infected with Gameover Zeus by looking at: https://scan.shadowserver.org/goz/gozcheck/.

Statistics

The statistics shown below are a combined total of the the unique IPs that were seen connecting to the Gameover Zeus infrastructure via:

1. P2P layer (peer) communications.
2. HTTP proxy communications.
3. Fallback DGA (domain generation algorithm) communications.

If you would like daily statistics please take a look at: https://scan.shadowserver.org/goz/stats/.

---

The Shadowserver Foundation is a non-profit organization that provides infection notification and remediation information for many types of computer security threats. If you are a hosting provider, internet provider or a CERT with a constituency you can sign up to receive free nightly reports on your networks.

Copyright © 2014 · All Rights Reserved · The Shadowserver Foundation