4

I am doing my project on botnets and wanted to understand the source code of the Zeus botnet.

Where is the right place to get started with some analysis of the Zeus botnet source code? I need a good resource or walkthrough/control flow of the source code for better understanding.

I have read Build your own botnet by SANS, and wanted a similar document or resource on Zeus.

schroeder
user10012
  • 2
    http://resources.infosecinstitute.com/botnets-unearthed-the-zeus-bot/ might help. – ρss Jun 19 '15 at 14:56
  • 1
    http://www.ioactive.com/pdfs/ZeusSpyEyeBankingTrojanAnalysis.pdf might help too. – r00t Jun 19 '15 at 15:01
  • 2
    A quick Google search turned up a GitHub link. https://github.com/Visgean/Zeus – echelon Jun 19 '15 at 15:03
  • High school assignment? ;-) – Konrad Gajewski Jul 20 '15 at 04:40
  • @Konrad Gajewski I am happy to know that... I am working on detection of botnets and new variants. I have good theoretical knowledge on detection of botnets but no practical knowledge. It would be great if you share your thoughts. – user10012 Jul 28 '15 at 13:00
  • You might start with sharing what YOU know. Personally I am not interested that much, but perhaps others would benefit. – Konrad Gajewski Jul 28 '15 at 14:35
  • @KonradGajewski, to date I have only been able to compile Zeus successfully. However, for detection of botnets I have read a good number of research papers, which include host-level detection, network-level analysis and honeypots, and I am in the process of developing a theoretical model... I am ready to share my work; however, anyone in this post will look for Zeus code talk and not detection. It would be good if I share my work in the right post (suggest one to me if possible)... I feel that if you can share your experience on how to understand the Zeus code, it will be more valuable to the context. – user10012 Jul 28 '15 at 23:17

1 Answer

6

As mentioned by echelon, the Zeus source code is available on GitHub.

The availability of its source code (leaked in 2011) is one of the reasons many modern botnets have evolved from Zeus.

Be careful when infecting several VMs/computers you control with your botnet; you don't want to infect real user machines with your toy botnet!

For additional security you can set a stop date to ensure it will stop in a few days or, even better, one in the past, so it only works where you explicitly misconfigure the clock.

schroeder
Ángel