Register

Forgot Password

Site FAQ

Home > IT Blogs > Irregular Expressions > Zeus code walkthrough – Part 8

>>VIEW ALL POSTS

Irregular Expressions

Jun 25 2011 12:29AM GMT

Zeus code walkthrough – Part 8

Posted by: Dan O'Connor

zeus analysis, zeus botnet, zeus source code, zeus walkthrough

Our last bit we need before we hit the big red button and infect the machine is getting wireshark ready to go.

http://www.wireshark.org/download.html

I have wireshark loaded with a filter string to only capture traffic from the workstation that I will infect.

I have the workstation infected now, and I can see the traffic coming back to the server on port 80 to the web server we setup. The infected workstation is talking to the gate.php file on the web server, as expected it’s encrypted. This will be the first php file we dive in to, it should be a great start.

Comment

RSS Feed

Email a friend

Comment on this Post

Leave a comment:

Community Blog | About Us | Contact Us | FAQ | Terms of Use | DMCA Policy

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organization's IT projects - with its network of technology-specific Web sites, events and magazines.
All Rights Reserved, Copyright 1999-2013, TechTarget | Read our Privacy Policy
Questions and Answers Index 1 | Questions and Answers Index 2 | IT Topics Index 1 | IT Topics Index 2 | Blogs Index | Blogs Tags

Irregular Expressions

Zeus code walkthrough – Part 8

Comment on this Post

About This Blog

Browse This Blog’s Tags

Archives

Blog Roll

Subscribe to Alerts