A Case Study of the Rustock Rootkit and Spam Bot

Provided by: USEnet Live!
Topic: Security
Format: PDF
In this paper, the authors present the steps leading up to the extraction of the spam bot payload found within a backdoor rootkit known as Backdoor.Rustock.B or Spam-Mailbot.c. Following the extraction of the spam module, they focus their analysis on the steps necessary to decrypt the communications between the command and control server and infected hosts. Part of the discussion covers a method for extracting the encryption key from within the malware binary and using it to decrypt those communications.
