Information on Gameover Zeus

  • Article ID: 121082
  • Rating:
  • 2 customers rated this article 3.0 out of 6
  • Updated: 10 Jun 2014

This article provides information on the malware called Gameover Zeus.

Applies to the following Sophos product(s) and version(s)

Not product specific

What is "Gameover Zeus"?

Gameover Zeus, or just "Gameover" is a well-known piece of malware that allows an innocent users' computer to be controlled remotely for criminal activity. If infected your computer then becomes part of a botnet - which is a large number of infected computers that can be used collectively by a centrally controlled computer.

Does Sophos Anti-Virus protect me from Game Over Zeus?


What operating systems are affected?

Windows only.

What does Sophos Anti-Virus detect "Game Over Zeus" as?

We detect and block the various components of this malware under the following names:

Detection name Protected since Protection updated
HPmal/Zbot-C Jun 2011 Feb 2014
Troj/ZbotMem-B Mar 2011 Jul 2012
Troj/NecKMem-A Sep 2012 Mar 2014
Mal/DrodZp-A Jul 2012 Oct 2012
Troj/Zbot-HTQ Feb 2014 Feb 2014
Troj/Zbot-HTS Feb 2014 Feb 2014
Troj/Necurs-BD Feb 2014 Feb 2014

What identity (.IDE) files cover the detection?

We release IDE files to 'top up' the main virus engine.  After three months the IDE files are combined with the virus engine.  Because of the age of the detections there is no particular IDE name you need to check for on disk - simply ensure you are up to date.

For the IDE released in February 2014: Troj/Zbot-HTQ is covered under zbot-htr.ide; Troj/Zbot-HTS is covered under rovnix-a.ide; Troj/Necurs-BD is covered under zbot-hqu.ide.  Note: For up to date installations these IDE files will not be present in the Sophos Anti-Virus folder.

You may find it useful to know, as an example, that an IDE file called weels-o.ide was released on June 9th 2014. Hence the presence of this file (C:\Program Files (x86)\Sophos\Sophos Anti-Virus\weels-o.ide) shows your installation is up to date as of Monday June 9th.

More Information

If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent