SEC504: Hacker Tools, Techniques, and Incident Handling

In this paper, we discuss details of two recent bots, ZeuS and SpyEye, and study their interaction. We describe how to reverse engineer the two binaries and compare the obfuscation and anti-debugging techniques used by them. Since there is already much literature describing their individual malicious capabilities, this paper does not focus on those aspects. Instead, the focus is primarily on the inter-process communication between the two bots, which is a relatively rare phenomenon in the world of malware.