Title :
Highly resilient peer-to-peer botnets are here: An analysis of Gameover Zeus
Author :
Andriesse, D. ; Rossow, C. ; Stone-Gross, B. ; Plohmann, D. ; Bos, Herbert
Author_Institution :
VU Univ., Amsterdam, Netherlands
Abstract :
Zeus is a family of credential-stealing trojans which originally appeared in 2007. The first two variants of Zeus are based on centralized command servers. These command servers are now routinely tracked and blocked by the security community. In an apparent effort to withstand these routine countermeasures, the second version of Zeus was forked into a peer-to-peer variant in September 2011. Compared to earlier versions of Zeus, this peer-to-peer variant is fundamentally more difficult to disable. Through a detailed analysis of this new Zeus variant, we demonstrate the high resilience of state of the art peer-to-peer botnets in general, and of peer-to-peer Zeus in particular.
Keywords :
invasive software; peer-to-peer computing; centralized command servers; credential-stealing trojans; gameover Zeus; peer-to-peer Zeus; peer-to-peer botnets; peer-to-peer variant; routine countermeasures; security community; Command and control systems; Encryption; Payloads; Peer-to-peer computing; Protocols; Resilience;
Conference_Titel :
Malicious and Unwanted Software: "The Americas" (MALWARE), 2013 8th International Conference on
Conference_Location :
Fajardo, PR
Print_ISBN :
978-1-4799-2534-6
DOI :
10.1109/MALWARE.2013.6703693
