Malicious software used to steal millions from bank accounts has re-emerged a month after US authorities broke up a major hacker network using the scheme, security researchers say.

The security firm Malcovery said it identified a new trojan based on the Gameover Zeus malware, which officials said infected up to one million computers in 12 countries, and was blamed in the theft of more than $100 million.

“This discovery indicates that the criminals responsible for Gameover’s distribution do not intend to give up on this botnet even after suffering one of the most expansive botnet takeovers/takedowns in history,”.

By infecting large numbers of computers, the cybercriminals were able to control the devices to steal passwords and send out emails to further spread the infection.

The news came as the Department of Justice said it had made progress in rooting out the malware infections.

In a status report filed in court, officials said that “all or nearly all of the active computers infected with Gameover Zeus have been liberated from the criminals’ control and are now communicating exclusively with the substitute server established pursuant to a court order.”

A blog post by the security firm Emsisoft said the new variant may be harder to combat because it is using “an evasive technique that allows the botnet to hide its distributive phishing sites behind a constantly shuffling list of infected, proxy computers.”

Gameover Zeus, which first appeared in September 2011, stole bank information and other confidential details from victims.

The FBI blamed the Gameover Zeus botnet for the theft of more than $100 million, obtained by using the stolen bank data and then “emptying the victims’ bank accounts and diverting the money to themselves.”

The June crackdown also targeted another computer virus, dubbed “Cryptolocker,” which appeared in September 2013.

Russian Evgeniy Mikhailovich Bogachev, 30, an alleged administrator of the network, was charged in Pittsburgh, Pennsylvania, with 14 counts including conspiracy, computer hacking, bank fraud, and money laundering in the Gameover Zeus and Cryptoblocker schemes.

Originally from: http://news.yahoo.com/bank-stealing-malware-returns-us-crackdown-193233883.html

The following routers may be vulnerable depending on firmware version: E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000,E900

Linksys Router Users Malware (worm) Warning

A malicious new worm has been detected in more than 1,000 Linksys home and small-office routers, according to researchers at the SANS Institute of Bethesda, Md.

Nicknamed “TheMoon” because its code includes HTML pages referring to the 2009 science-fiction movie “Moon,” the worm seems to do little more than spread from router to router. However, it does appear to be able to connect to a command-and-control server, from which an attacker could manipulate the compromised systems.

“We do not know for sure if there is a command-and-control channel yet,” wrote security researcher Johannes Ullrich in a blog post on the SANS Institute’s website. “But the worm appears to include strings that point to a command-and-control channel.”

The good news is that a simple router reboot will get rid of the worm, and turning off any remote-administration feature in your router’s settings will prevent the worm from being able to attack in the first place. Many routers have remote administration activated by default.

So far, only Linksys’ “E” product line, which includes the E900, E2000, E3200, and E4200 models, has been shown to be affected. Devices that have upgraded to the latest firmware, 2.0.06, should be safe, but some earlier models whose support has expired, such as the E1000, can’t get that upgrade.

Click Here for More on Linksys Worm