DocumentCode :
3586247
Title :
Authorship Analysis of the Zeus Botnet Source Code
Author :
Layton, Robert ; Azab, Ahmad
Author_Institution :
Internet Commerce Security Lab., Federation Univ., Mt Helen, VIC, Australia
fYear :
2014
Firstpage :
38
Lastpage :
43
Abstract :
Authorship analysis has been used successfully to analyse the provenance of source code files in previous studies. The source code for Zeus, one of the most damaging and effective botnets to date, was leaked in 2011. In this research, we analyse the source code from the lens of authorship clustering, aiming to estimate how many people wrote this malware, and what their roles are. The research provides insight into the structure that went into creating Zeus and its evolution over time. The work has potential to be used to link the malware with other malware written by the same authors, helping investigations, classification, deterrence and detection.
Keywords :
invasive software; source code (software); Zeus botnet source code files; authorship analysis; authorship clustering; malware; Algorithm design and analysis; Clustering algorithms; Computer crime; Malware; Manuals; Software; authorship analysis; malware attribution; zeus botnet;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Cybercrime and Trustworthy Computing Conference (CTC), 2014 Fifth
Print_ISBN :
978-1-4799-8824-2
Type :
conf
DOI :
10.1109/CTC.2014.14
Filename :
7087326