On the Analysis of the Zeus Botnet Crimeware Toolkit
In this paper, the authors present their reverse engineering results for the Zeus crimeware toolkit, one of the recent and powerful crimeware tools to emerge in the Internet underground community for controlling botnets. Zeus has reportedly infected over 3.6 million computers in the United States. Their analysis aims to uncover the various obfuscation levels and shed light on the resulting code. Accordingly, they explain the bot building and installation/infection processes. In addition, they detail a method to extract the encryption key from the malware binary and use it to decrypt the network communications and the botnet configuration information.