A Case Study of the Rustock Rootkit and Spam Bot

In this paper, the authors present the steps leading up to the extraction of the spam bot payload found within a backdoor rootkit known as Backdoor.Rustock.B or Spam-Mailbot.c. Following the extraction of the spam module, they focus their analysis on the steps necessary to decrypt the communications between the command and control server and infected hosts. Part of the discussion involves a method to extract the encryption key from within the malware binary and use it to decrypt the communications.

Provided by: USEnet Live! Topic: Security Date Added: Apr 2007 Format: PDF