TCP/IP Packet Analysis of Zeus Botnet

With all of the news about Kneber and Zeus, have you wondered what the traffic looks like?

The Zeus botnet and its Kneber variant have made headline news lately. These botnets are known for their fault-tolerant command and control servers and their ability to steal financial and login credentials.

This post is more for our readers who know TCP/IP communication very well. The packet analysis gurus over at Openpacket.org have made available three packet capture samples of the Zeus botnet communicating with an infected machine.

This will come in handy for any computer security specialist who needs to know what Zeus botnet traffic looks like. These sample files are in .pcap format and can be opened with Wireshark, tcpdump or any other packet capture reader program.

~ by D. Dieterle on March 14, 2010.
