Abstract
Putting the completely unoriginal title aside, the purpose of this document is to introduce the reader to the ZeuS
bot. This paper specifically addresses version 1.2.4.2. Be forewarned that some of the information here is
cursory or incomplete. In other cases, your research may show that my interpretation or findings were
completely wrong. Please let me know so that I can update this documentation. I can be reached at
[email protected]
Along with a basic introduction, I’ll include the essential information required to install a ZeuS infrastructure,
configure and install a bot, describe the various functions available in the ZeuS Control Panel, and explain the
BackConnect functionality that was incorporated into ZeuS 1.2.4.2. This paper will not directly discuss the
ethics regarding the operation of botnets nor will it cover the methods used to distribute the bot installer. It also
is not intended to be an authoritative reverse engineering attempt of the bot. Ultimately, this guide is meant as a
primer to help fellow researchers jumpstart their own investigations by setting up a viable test environment and
explaining how the pieces operate. Don’t be intimidated by the length of the
document; more than half of it is screenshots with some type of explanation. I wanted to provide screenshots in
addition to some narrative because some people may not actually be able to run through the exercise.
Author(s): Slavic Monster
Edition: 1
Year: 0
Language: English
Pages: 69
Tags: malware
Contents
Abstract, p. 1
Acknowledgements, p. 1
Introduction, p. 4
  Figure 1: Typical ZeuS infrastructure, p. 4
Infrastructure, p. 5
  Test Environment, p. 5
    Figure 2: Beginning the XAMPP install, p. 6
    Figure 3: XAMPP initial warning screen, p. 7
    Figure 4: Install location, p. 8
    Figure 5: XAMPP options, p. 9
    Figure 6: Install status, p. 10
    Figure 7: Install complete, p. 11
    Figure 8: Checking for ports, p. 12
    Figure 9: Starting the environment, p. 13
    Figure 10: Configuring the Windows Firewall, p. 14
    Figure 11: Start MySQL, p. 15
    Figure 12: XAMPP Control Panel, p. 16
    Figure 13: Configuration complete, p. 17
    Figure 14: Modify the PHP configuration file, p. 18
  Installing the ZeuS Control Panel, p. 19
    Figure 15: ZeuS 1.2.4.2 install bundle, p. 19
    Figure 16: ZeuS web folder copied over to the htdocs folder, p. 20
    Figure 17: ZeuS Control Panel installer, p. 21
    Figure 18: ZeuS installer progress, p. 22
    Figure 19: ZeuS Control Panel login, p. 23
Bot configuration, p. 24
  Figure 20: ZeuS bot builder, p. 24
  Figure 21: Bot Builder screen, p. 25
  Step 1: Load config, p. 25
  Step 2: Edit config, p. 26
  Step 3: Build config, p. 26
    Figure 22: Saving the configuration file, p. 27
  Step 4: Build loader, p. 27
    Figure 23: Saving the bot loader, p. 27
ZeuS Control Panel, p. 30
  Figure 24: ZeuS Control Panel Login, p. 30
  Figure 25: ZeuS Control Panel Summary, p. 31
  Figure 26: ZeuS Control Panel Summary dropdown, p. 32
  Figure 27: ZeuS Control Panel OS, p. 33
  Figure 28: ZeuS Control Panel Bots, p. 34
  Figure 29: ZeuS Control Panel Bots query, p. 35
  Figure 30: ZeuS Control Panel Context Menu, p. 36
  Figure 31: ZeuS Control Panel Scripts, p. 37
  Figure 32: ZeuS Control Panel Add Script, p. 38
  Figure 33: ZeuS Control Panel Add Script Options, p. 39
  Figure 34: ZeuS Control Panel Search in Database, p. 40
  Figure 35: ZeuS Control Panel Search in Database Contextual Menu, p. 41
  Figure 36: ZeuS Control Panel Search in Files, p. 42
  Figure 37: ZeuS Control Panel Information, p. 43
  Figure 38: ZeuS Control Panel Options, p. 44
  Figure 39: ZeuS Control Panel User, p. 45
  Figure 40: ZeuS Control Panel Users, p. 46
  Figure 41: ZeuS Control Panel Add New User, p. 47
BackConnect, p. 48
  Figure 42: Typical BackConnect communications flow, p. 48
Sample Webinjects, p. 51
  Figure 43: Google injection, p. 52
  Figure 44: eBay injection, p. 53
Appendices, p. 54
  Appendix A: manual_en.txt, p. 54
  Appendix B: config.txt, p. 61
  Appendix C: webinjects.txt, p. 68