高度弹性的点对点僵尸网络在这里:Gameover Zeus的分析

2013 8th International Conference on Malicious and Unwanted Software: "The Americas" (MALWARE) Pub Date : 1900-01-01 DOI:10.1109/MALWARE.2013.6703693

Dennis Andriesse, C. Rossow, Brett Stone-Gross, D. Plohmann, H. Bos

{"title":"高度弹性的点对点僵尸网络在这里:Gameover Zeus的分析","authors":"Dennis Andriesse, C. Rossow, Brett Stone-Gross, D. Plohmann, H. Bos","doi":"10.1109/MALWARE.2013.6703693","DOIUrl":null,"url":null,"abstract":"Zeus is a family of credential-stealing trojans which originally appeared in 2007. The first two variants of Zeus are based on centralized command servers. These command servers are now routinely tracked and blocked by the security community. In an apparent effort to withstand these routine countermeasures, the second version of Zeus was forked into a peer-to-peer variant in September 2011. Compared to earlier versions of Zeus, this peer-to-peer variant is fundamentally more difficult to disable. Through a detailed analysis of this new Zeus variant, we demonstrate the high resilience of state of the art peer-to-peer botnets in general, and of peer-to-peer Zeus in particular.","PeriodicalId":325281,"journal":{"name":"2013 8th International Conference on Malicious and Unwanted Software: \"The Americas\" (MALWARE)","volume":"5 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"111","resultStr":"{\"title\":\"Highly resilient peer-to-peer botnets are here: An analysis of Gameover Zeus\",\"authors\":\"Dennis Andriesse, C. Rossow, Brett Stone-Gross, D. Plohmann, H. Bos\",\"doi\":\"10.1109/MALWARE.2013.6703693\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Zeus is a family of credential-stealing trojans which originally appeared in 2007. The first two variants of Zeus are based on centralized command servers. These command servers are now routinely tracked and blocked by the security community. In an apparent effort to withstand these routine countermeasures, the second version of Zeus was forked into a peer-to-peer variant in September 2011. Compared to earlier versions of Zeus, this peer-to-peer variant is fundamentally more difficult to disable. Through a detailed analysis of this new Zeus variant, we demonstrate the high resilience of state of the art peer-to-peer botnets in general, and of peer-to-peer Zeus in particular.\",\"PeriodicalId\":325281,\"journal\":{\"name\":\"2013 8th International Conference on Malicious and Unwanted Software: \\\"The Americas\\\" (MALWARE)\",\"volume\":\"5 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"1900-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"111\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2013 8th International Conference on Malicious and Unwanted Software: \\\"The Americas\\\" (MALWARE)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/MALWARE.2013.6703693\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 8th International Conference on Malicious and Unwanted Software: \"The Americas\" (MALWARE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/MALWARE.2013.6703693","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 111

摘要

Zeus是一个窃取凭证的木马家族，最早出现于2007年。Zeus的前两个变体基于集中式命令服务器。这些命令服务器现在经常被安全社区跟踪和阻止。为了抵御这些常规的对抗措施，Zeus的第二个版本在2011年9月被分叉成一个点对点的变种。与早期版本的Zeus相比，这种点对点变体从根本上来说更难以禁用。通过对这种新的Zeus变体的详细分析，我们展示了最先进的点对点僵尸网络的高弹性，特别是点对点Zeus。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Highly resilient peer-to-peer botnets are here: An analysis of Gameover Zeus

Zeus is a family of credential-stealing trojans which originally appeared in 2007. The first two variants of Zeus are based on centralized command servers. These command servers are now routinely tracked and blocked by the security community. In an apparent effort to withstand these routine countermeasures, the second version of Zeus was forked into a peer-to-peer variant in September 2011. Compared to earlier versions of Zeus, this peer-to-peer variant is fundamentally more difficult to disable. Through a detailed analysis of this new Zeus variant, we demonstrate the high resilience of state of the art peer-to-peer botnets in general, and of peer-to-peer Zeus in particular.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2013 8th International Conference on Malicious and Unwanted Software: "The Americas" (MALWARE)

自引率

0.00%

发文量