Sunday, June 16, 2013

ZeuS Evolution: it's time for P2P and RSA.

Today another "Hack Note" on my blog to point you out to a great analysis of ZeuS evolutions. I definitely suggest the reading titled "ZeuS-P2P" by Cert Polska because, in my personal opinion, it describes one of the most important evolutions of a "bot kit" happened so far: the distribution of the Command aNd Control (CNC) module. As you might remember the CNC modules evolved from single access point (such as IRC, Twitter, FaceBook, and so on) to multiple access points (often by implementing a Domain Generation Algorithm, DGA), in where attackers had a bounch (~1000)  of domains to generate and/or to compromise in order to spread commands to the infected hosts. The last ZeuS versions have been using a nice alternative: the P2P protocol. Specifically ZeuS bot-kit has been using a P2P protocol very close (in term of code) to Kademlia (xor map based). The following image taken from the aforementioned document written by Cert Polska, nicely illustrates the flow between the attacker and the attacked user.
The paper follows on describing interesting detatils about the new "ZeuS generation malware" including (decompiled) source code and highlighting interesting sections such as:PROXY_SERVER_HOST string replacement, DDoS module, HTTP DDoS variant module, DhTUdp DDos, Digital Signature verification (another great improvements respect to the "OLD versions"), and so on. Aditionally fully reversed-engineered P2P protocol can be found on a dedicated chapter. Have a nice reading !

8 comments:

writemypapers said...

Pretty nice explanation. Thanks for sharing.

AGARWAL PACKERS & MOVERS LTD. said...

Packers and Movers Services
Packers Movers India
Packers & Movers

custom essays said...

Thank you for sharing this information with us.

writemypapers said...

thanks for giving us nice info. Writings-centre.com

Victoria said...

Wonderful blog! navigate to this website

Amy Pearson said...

Very informative. Good job! To know more, see here.

Nur Fadhil said...

Thanks for a very interesting blog. What else may I get that kind of info written in such a perfect approach? I’ve a undertaking that I am simply now operating on, and I have been at the look out for such info.

nanah keluar dari kemaluan lelaki obat kemaluan keluar nanah obat kemaluan keluar nanah obat penis keluar nanah Pengobatan wasir

alexxlexx said...

Thanks for another useful "Hack Note"! prime-essay