In early July, a group of cyber criminals released a modified version of the Gameover ZeuS banking trojan, using a technique known as a domain generation algorithm (DGA) to make disrupting the botnet more difficult.
But the same technique has made it easier for researchers to track the botnet's activity, and they watched as it quickly grew from infecting hundreds of initial systems to 10,000 systems in two weeks. Then a funny thing happened: Gameover ZeuS stopped growing. Now, almost six weeks after researchers first detected signs of the program, the group behind the botnet keeps the infections between 3,000 and 5,000 systems, according to security services firm Seculert.
The group undoubtedly wants to grow the botnet again because cyber crime is typically a game of large numbers. When a coalition of law enforcement officials and industry players took down the botnet in late May, it comprised some 500,000 to 1 million machines. Now they're laying low, Seculert CTO Aviv Raff told Ars.