Damballa experts say the 1024 – 10000 range is now used for C&C communications

Aug 7, 2013 21:31 GMT

The developers of the peer-to-peer (P2P) version of the ZeuS malware, dubbed GameOver, have begun migrating the P2P protocol to a new port range.

Damballa experts say the old variants of GameOver used the UDP port range from 10000 to 30000 for command and control activities. The new variants spotted by researchers utilize the 1024 – 10000 range.

“During the transition period, you may observe ports being used across both the old and the new port ranges as older versions are being updated to use the new port range,” Damballa Senior Researcher Scientist John Jerrim noted in a blog post.

Jerrim explains that the most recent versions of the malware use the new port range. Existing compromised hosts will also be updated to use the 1024 – 10000 range.

It’s believed that the decision to change the port range comes in response to a detailed analysis of the threat published in June 2013 by Poland’s Computer Emergency Response Team (CERT).