DocumentCode :
3322978
Title :
Taming Zeus by leveraging its own crypto internals
Author :
Riccardi, Marco ; Pietro, Roberto Di ; Vila, Jorge Aguila
Author_Institution :
eSecurity Res. Group, Barcelona Digital Technol. Centre, Barcelona, Spain
fYear :
2011
fDate :
7-9 Nov. 2011
Firstpage :
1
Lastpage :
9
Abstract :
Malware is one of the main threats to Internet security in general, and to commercial transactions in particular. However, malware detection and containment tools and techniques still call for effective and efficient solutions. In this paper, we address a specific, dreadful, and widely diffused financial malware: Zeus. The contributions of this paper are manifold: first, we propose a general methodology to break the encrypted malware communications; second, we provide a proof of concept of such a methodology by applying it to the production environment. Further, we show how our proposal can be implemented to detect and contain the Zeus threat. Finally, we provide lessons learned, highlighting some general principles that underlie malware in general (and Zeus in particular).
Keywords :
cryptography; financial data processing; invasive software; Internet security; Zeus; commercial transactions; containment tools; crypto internals; encrypted malware communications; financial malware; malware detection; production environment; banking trojans; botnets; e-crime forensics framework; fraud detection system;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
eCrime Researchers Summit (eCrime), 2011
Conference_Location :
San Diego, CA
ISSN :
2159-1237
Print_ISBN :
978-1-4577-1340-8
Electronic_ISBN :
2159-1237
Type :
conf
DOI :
10.1109/eCrime.2011.6151981
Filename :
6151981