On the analysis of the ZeuS botnet crimeware toolkit

From Botnets.fr

(Publication)

On the analysis of the ZeuS botnet crimeware toolkit
Botnet: ZeuS
Date: 2010
Link: http://www.ncfta.ca/papers/On_the_Analysis_of_the_ZeuS_Botnet_Crimeware.pdf (www.ncfta.ca; archive copy available)
Author: Hamad Binsalleeh, Thomas Ormerod, Amine Boukhtouta, Prosenjit Sinha, Amr M. Youssef, Mourad Debbabi, Lingyu Wang
Type: Publication

Abstract

In this paper, we present our reverse engineering results for the ZeuS crimeware toolkit, one of the recent and powerful crimeware tools that emerged in the Internet underground community to control botnets. ZeuS has reportedly infected over 3.6 million computers in the United States. Our analysis aims at uncovering the various obfuscation levels and shedding light on the resulting code. Accordingly, we explain the bot building and installation/infection processes. In addition, we detail a method to extract the encryption key from the malware binary and use that key to decrypt the network communications and the botnet configuration information. The reverse engineering insights, together with network traffic analysis, allow for a better understanding of the technologies and behaviors of such modern HTTP botnet crimeware toolkits and open an opportunity to inject falsified information into the botnet communications, which can be used to defame this crimeware toolkit.

Bibtex

 @misc{2010BFR1142,
   author = {Hamad Binsalleeh and Thomas Ormerod and Amine Boukhtouta and Prosenjit Sinha and Amr M. Youssef and Mourad Debbabi and Lingyu Wang},
   title = {On the analysis of the {ZeuS} botnet crimeware toolkit},
   day = {07},
   month = may,
   year = {2010},
   howpublished = {\url{http://www.ncfta.ca/papers/On_the_Analysis_of_the_ZeuS_Botnet_Crimeware.pdf}},
 }