Quickly check if you are part of the GameOver Zeus botnet

A few days ago I read a statement published by the FBI announcing the interruption of a P2P botnet called GameOver and based on the famous banking Trojan Zeus. Today the company F-Secure has released a simple tool that does not require any installation and that allows you to quickly verify if your computer is infected with this malware.

You just need to visit this address: f-secure.com/gameoverzeus

P2P botnets have been known for many years and have several advantages over typical botnets where there is a control center from which orders are sent to all infected computers. One of them is that they do not have a single C&C (command and control) that controls them all and therefore they are more difficult to dismantle.

Gameover Zeus (GOZ) sought to make money by installing other malware and stealing bank details. One of its techniques was to infect browsers so that it could modify websites locally, adding new fields to forms, which is typical of banking Trojans.

This is exactly what the F-Secure team took advantage of to create the tool: it loads, through an iframe, a page that they control, so that GameOver (if it is present on the computer) thinks the browser is entering a legitimate URL from which it can steal information and into which it can inject extra code.

The tool checks whether these modifications have been made and thus determines whether the computer is infected with GameOver. It is a very simple idea that works with the versions of the malware known so far, and it serves to quickly verify whether our computer is part of this P2P botnet.
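The check described above can be sketched as follows. This is an added example, not F-Secure's code: the decoy markup, the injected field and script, the `inject.example` host, the function names and the "POSSIBLY INFECTED" label are all constructed for illustration.

```javascript
// Decoy login page exactly as the server sends it (the known-good baseline).
const SERVED_DECOY = `<html><body>
<form id="login" action="/login" method="post">
  <input type="text" name="user">
  <input type="password" name="pass">
</form></body></html>`;

// The same page as a browser with a web inject might render it (constructed sample).
const TAMPERED_DECOY = SERVED_DECOY
  .replace("</form>", '  <input type="text" name="card_pin">\n</form>')
  .replace("</body>", '<script src="//inject.example/x.js"></script></body>');

// Reduce markup to the features an inject changes: field names, form targets, scripts.
// Comparing features instead of raw strings tolerates browser re-serialization.
function inventory(html) {
  const attr = (tag, name) => {
    const m = new RegExp(`\\b${name}\\s*=\\s*["']?([^"'\\s>]+)`, "i").exec(tag);
    return m ? m[1].toLowerCase() : "";
  };
  const tags = (re) => [...html.matchAll(re)].map((m) => m[0]);
  return {
    fields: tags(/<(?:input|select|textarea)\b[^>]*>/gi).map((t) => attr(t, "name")),
    actions: tags(/<form\b[^>]*>/gi).map((t) => attr(t, "action")),
    scripts: tags(/<script\b[^>]*>/gi).map((t) => attr(t, "src") || "(inline)"),
  };
}

// Return every feature present in the observed page but absent from the baseline.
function findInjections(served, observed) {
  const base = inventory(served), seen = inventory(observed), findings = [];
  for (const kind of Object.keys(base)) {
    const remaining = [...base[kind]];
    for (const value of seen[kind]) {
      const i = remaining.indexOf(value);
      if (i >= 0) remaining.splice(i, 1);       // accounted for by the baseline
      else findings.push(`${kind}: ${value}`);  // extra or altered element
    }
  }
  return findings;
}

// The clean message is the one quoted on this page; the other label is constructed.
function verdict(served, observed) {
  return findInjections(served, observed).length ? "POSSIBLY INFECTED" : "MOST LIKELY NOT INFECTED";
}

// In a browser, `observed` would be the outerHTML of the same-origin iframe's document.
console.log(verdict(SERVED_DECOY, TAMPERED_DECOY), findInjections(SERVED_DECOY, TAMPERED_DECOY));
```

A clean result only means that no known inject fired on the decoy, which is why the tool's wording is "most likely".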

If you see the green message MOST LIKELY NOT INFECTED it means that your computer is not infected, at least with GameOver.