1 / 67

ZeuS : God of All Cyber-Theft

ZeuS : God of All Cyber-Theft. Roland Dela Paz and Jasper Manuel Threat Researchers. Greek Mythology. 2. Classification 1/5/2020. Virtual Landscape. 3. Classification 1/5/2020. Commercial crimeware for stealing online banking credentials Authored by “Slavik”/“Monstr”

jeremyn
Download Presentation

ZeuS : God of All Cyber-Theft

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. ZeuS: God of All Cyber-Theft Roland Dela Paz and Jasper Manuel Threat Researchers

  2. Greek Mythology 2 Classification 1/5/2020

  3. Virtual Landscape 3 Classification 1/5/2020

  4. Commercial crimeware for stealing online banking credentials Authored by “Slavik”/“Monstr” Has been in the wild since late 2005 Fast Facts on ZeuS

  5. The ZeuS Infection Chain via spammed messages

  6. The ZeuS Infection Chain via spammed messages via malicious websites

  7. ZeuS and Spam

  8. ZeuS and Spam

  9. ZeuS and Spam

  10. ZeuS is configured to target a list of bank-related websites or financial institutions from which they try to steal sensitive online banking information ZeuS: The How

  11. ZeuS: The How

  12. ZeuS: The How

  13. ZeuS: The How

  14. ZeuS: The How

  15. ZeuS – a Cyber-Theft God

  16. ZeuS – a Cyber-Theft God

  17. ZeuS – a Cyber-Theft God

  18. ZeuS – a Cyber-Theft God

  19. ZeuS – a Cyber-Theft God

  20. ZeuS – a Cyber-Theft God

  21. ZeuS – a Cyber-Theft God

  22. ZeuS – a Cyber-Theft God

  23. ZeuS – a Cyber-Theft God

  24. ZeuS Builder Web Panel Configuration Files ZeuS Toolkit Components

  25. Zeus Builder ZeuS Toolkit Components

  26. Web Panel ZeuS Toolkit Components

  27. Web Panel ZeuS Toolkit Components

  28. Configuration Files ZeuS Toolkit Components Config.txt: Webinjects.txt:

  29. Configuration Files ZeuS Toolkit Components Config.txt: Webinjects.txt:

  30. Configuration Files ZeuS Toolkit Components Config.txt: Webinjects.txt:

  31. Configuration Files ZeuS Toolkit Components Config.txt: Webinjects.txt:

  32. Gathering Intelligence Downloaded configuration file

  33. Gathering Intelligence Downloaded configuration file

  34. Gathering Intelligence Breaking the encryption Where is the decryption key???

  35. Gathering Intelligence Breaking the encryption ZeuS 1.x encryption algorithm

  36. Gathering Intelligence Breaking the encryption Finding the key stream

  37. Gathering Intelligence Breaking the encryption Encryption key in config.txt

  38. Gathering Intelligence Breaking the encryption RC4 function used by ZeuS

  39. Gathering Intelligence Breaking the encryption ZeuS builder - key stream generation

  40. Gathering Intelligence Breaking the encryption ZeuS 2.x encryption algorithm

  41. Gathering Intelligence Breaking the encryption Finding the key stream

  42. Gathering Intelligence Breaking the encryption Finding the key stream

  43. Gathering Intelligence Breaking the encryption Finding the key stream

  44. Gathering Intelligence Breaking the encryption Encrypted HTTP traffic

  45. Gathering Intelligence ZeuS POST data decryption Decryption key in ZeuS CP

  46. Gathering Intelligence ZeuS POST data decryption

  47. Gathering Intelligence ZeuS POST data decryption

  48. Use to source and monitor ZeuS binaries for detection, malware development, and solution creation Use to source and monitor malicious ZeuS domains for blocking Share with law enforcement agencies to help in investigations, arrests, C&C take-downs, etc. Use to identify target (financial) firms and country What to do with gathered intelligence?

  49. Volume of customers Online security measures Availability of webinject scripts What makes financial firms attractive targets?

  50. Internet population Online banking population Value of money Locality What makes a country/region an attractive target?

More Related