• DocumentCode
    3586247
  • Title

    Authorship Analysis of the Zeus Botnet Source Code

  • Author

    Layton, Robert ; Azab, Ahmad

  • Author_Institution
    Internet Commerce Security Lab., Federation Univ., Mt Helen, VIC, Australia
  • fYear
    2014
  • Firstpage
    38
  • Lastpage
    43
  • Abstract
    Authorship analysis has been used successfully to analyse the provenance of source code files in previous studies. The source code for Zeus, one of the most damaging and effective botnets to date, was leaked in 2011. In this research, we analyse the source code from the lens of authorship clustering, aiming to estimate how many people wrote this malware, and what their roles are. The research provides insight into the structure that went into creating Zeus and its evolution over time. The work has potential to be used to link the malware with other malware written by the same authors, helping investigations, classification, deterrence and detection.
  • Keywords
    invasive software; source code (software); Zeus botnet source code files; authorship analysis; authorship clustering; malware; Algorithm design and analysis; Clustering algorithms; Computer crime; Malware; Manuals; Software; authorship analysis; malware attribution; zeus botnet;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Cybercrime and Trustworthy Computing Conference (CTC), 2014 Fifth
  • Print_ISBN
    978-1-4799-8824-2
  • Type

    conf

  • DOI
    10.1109/CTC.2014.14
  • Filename
    7087326