[nsp-sec] Zbot encryption key?
Nicholas Ianelli
ni at centergate.net
Mon Jun 8 10:08:21 EDT 2009
> Has anyone successfully found a way to extract the encryption key found
> within Zbot binaries? We would very much like to know what data if any
> Zbot is swiping from our infected hosts (for NYS reporting purposes).

If I recall correctly, both the config and the data are RC4 encrypted,
with the initial key data available in the unpacked binary.

Do you have a copy of the malicious binary and sample data?

Cheers,
Nick

--
Nicholas Ianelli: NeuStar, Inc.
Security Operations
46000 Center Oak Plaza Sterling, VA 20166
+1 571.434.4691 - http://www.neustar.biz