This article provides information on the malware called Gameover Zeus.
Applies to the following Sophos product(s) and version(s)
Not product specific
What is "Gameover Zeus"?
Gameover Zeus, or just "Gameover", is a well-known piece of malware that allows an innocent user's computer to be controlled remotely for criminal activity. If infected, your computer becomes part of a botnet: a large number of infected computers that can be used collectively by a centrally controlled computer.
Does Sophos Anti-Virus protect me from Game Over Zeus?
What operating systems are affected?
What does Sophos Anti-Virus detect "Game Over Zeus" as?
We detect and block the various components of this malware under the following names:
| Detection name | Protected since | Protection updated |
|---|---|---|
| HPmal/Zbot-C | Jun 2011 | Feb 2014 |
| Troj/ZbotMem-B | Mar 2011 | Jul 2012 |
| Troj/NecKMem-A | Sep 2012 | Mar 2014 |
| Mal/DrodZp-A | Jul 2012 | Oct 2012 |
| Troj/Zbot-HTQ | Feb 2014 | Feb 2014 |
| Troj/Zbot-HTS | Feb 2014 | Feb 2014 |
| Troj/Necurs-BD | Feb 2014 | Feb 2014 |
What identity (.IDE) files cover the detection?
We release IDE files to 'top up' the main virus engine. After three months the IDE files are combined with the virus engine. Because of the age of the detections there is no particular IDE name you need to check for on disk - simply ensure you are up to date.
For the IDE files released in February 2014: Troj/Zbot-HTQ is covered under zbot-htr.ide; Troj/Zbot-HTS is covered under rovnix-a.ide; Troj/Necurs-BD is covered under zbot-hqu.ide. Note: For up-to-date installations these IDE files will not be present in the Sophos Anti-Virus folder.
You may find it useful to know, as an example, that an IDE file called weels-o.ide was released on June 9th 2014. Hence the presence of this file (C:\Program Files (x86)\Sophos\Sophos Anti-Virus\weels-o.ide) shows your installation is up to date as of Monday June 9th.