
Cyber Analytics Project

Cyber Analytics Project. By: Geethu Babu Rajesh Gill Shayan Parhite Jaiteerth Patil. MIS 510 Section 001 2/26/24. Agenda. Research Topic – Zeus Trojan. Research Questions. Zeus – King of banking Trojans. Source: Hacker Web. Zeus Command & Control Servers Across The Globe.


Presentation Transcript


  1. Cyber Analytics Project. By: Geethu Babu Rajesh Gill Shayan Parhite Jaiteerth Patil. MIS 510 Section 001. 2/26/24

  2. Agenda

  3. Research Topic – Zeus Trojan

  4. Research Questions

  5. Zeus – King of banking Trojans. Source: Hacker Web

  6. Zeus Command & Control Servers Across The Globe. Source: zeustracker.abuse.ch

  7. Dominance of Zeus. Variants of Zeus: SpyEye and Gameover Zeus. Figure 3: Number of posts on Gameover and SpyEye. Source: Hacker Web

  8. Tweet Analysis – Zeus vs SpyEye. Source: Twitter.com

  9. Botnets: from self-replicating programs to money-making business. Figure 6: Word frequency occurrence in Tweets. Source: Hacker Web

  10. Authors who have spoken about revenue-related botnets. Source: Hacker Web

  11. FTP and Zeus – Clustering around US and RU. Source: Shodan Data with Latitude and Longitude

  12. Sentiment Analysis of Tweets about Zeus. Source: Twitter.com and Semantria

  13. Number of active ZeuS files (Last 60 Days). Source: zeustracker.abuse.ch

  14. Collection Methods: HackerWeb. Java code used in Eclipse to get data from HackerWeb

  15. Collection Methods: HackerWeb. SQL query to read data from HackerWeb:

      -- Inner query: posts that mention Zeus, its variants, or botnets.
      -- Outer query: keep only posts that also use a commerce-related term.
      select * from (
        select v.threadID, v.title, v.numOfView, v.numOfPosts,
               p.postID, p.flatContent,
               CONCAT(mid(replace(replace(replace(p.postDate,'(',''),')',''),' ','-'),2,20),
                      ' ', rtrim(p.postTime)) postTimeStamp,
               p.postrank, p.subforum,
               va.authorName, va.reputationscore
        from vctoolthread v, vctoolposts p, vctoolauthor va
        where v.threadid = p.threadid
          and va.authorID = p.authorID
          and (lower(p.flatContent) like '%spyeye%'
            or lower(p.flatContent) like '%zues%'
            or lower(p.flatContent) like '%zeus%'
            or lower(p.flatContent) like '%zbot%'
            or lower(p.flatContent) like '%botnet%'
            or lower(p.flatContent) like '%bot%')
      ) x
      where lower(x.flatContent) like '%purchase%'
         or lower(x.flatContent) like '%buy%'
         or lower(x.flatContent) like '%sell%'
         or lower(x.flatContent) like '%money%'
         or lower(x.flatContent) like '%cost%';

  16. Collection Methods: Shodan. PHP code to read data from Shodan

  17. Collection Methods: Twitter API. Java code to collect Tweets on research topic

  18. Analytical Methods
      • The data collected from Shodan and Hacker Web first had to be cleansed through manual ETL processing.
      • Various analytical tools such as Microsoft Excel, Tableau and RapidMiner were used to perform data visualization, data analysis and text mining.
      • Semantria was used to perform sentiment analysis on Twitter feeds.

  19. Conclusion

  20. References
      • "Hackers Use Virus to Create Fake 'likes' and Followers on Social Media Sites - RT News." Hackers Use Virus to Create Fake 'likes' and Followers on Social Media Sites - RT News. N.p., 18 Aug. 2013. Web. 23 Feb. 2014.
      • Hall, Gray. "On Your Side Alert: Zeus Virus - NBC12.com - Richmond, VA News." On Your Side Alert: Zeus Virus - NBC12.com - Richmond, VA News. N.p., 5 Aug. 2013. Web. 23 Feb. 2014.
      • Kirk, Jeremy. "SpyEye Trojan Defeating Online Banking Defenses." Computerworld. N.p., 26 July 2011. Web. 24 Feb. 2014.
      • Macdonald, Doug. "FortiGuard Center - Threat Research & Response." FortiGuard.com. Ed. Derek Manky. N.p., n.d. Web. 19 Feb. 2014.
      • Nahorney, Ben, and Nicolas Falliere. "Trojan.Zbot." Endpoint, Cloud, Mobile & Virtual Security Solutions. N.p., 11 Feb. 2014. Web. 23 Feb. 2014.
      • Perlroth, Nicole. "Malware That Drains Your Bank Account Thriving on Facebook." Bits Malware That Drains Your Bank Account Thriving on Facebook Comments. N.p., 3 June 2013. Web. 15 Feb. 2014.
      • "Welcome to the ZeuS Tracker." ZeuS Tracker. N.p., n.d. Web. 22 Feb. 2014.
      • Woollaston, Victoria. "Computer Virus Found on Facebook Steals Bank Details and Money from Accounts When Users Click on Links." Mail Online. Associated Newspapers, 06 June 2013. Web. 20 Feb. 2014.
      • "'Zeus Banking Trojan' Virus Hits Facebook, Steals Bank Details And Money." Fox News Latino. N.p., 6 June 2013. Web. 21 Feb. 2014.
      • "Zeus Banking Virus Is Back Warns Security Firm." BBC News. BBC, 26 Apr. 2010. Web. 18 Feb. 2014.
      • "ZeuS on the Hunt." Securelist.com. N.p., n.d. Web. 16 Feb. 2014.
      • "Zeus (Trojan Horse)." Wikipedia. Wikimedia Foundation, 19 Feb. 2014. Web. 17 Feb. 2014.
      • "Spyware." Wikipedia. Wikimedia Foundation, 20 Feb. 2014. Web. 21 Feb. 2014.
      • "Syrian Electronic Army." Wikipedia. Wikimedia Foundation, 21 Feb. 2014. Web. 22 Feb. 2014.
      • Trent, Warren. "Zeus Computer Virus Draining Bank Accounts." KTVK Azfamily.com. N.p., 5 June 2013. Web. 24 Feb. 2014.
      • "SpyEye Bot versus Zeus Bot." Endpoint, Cloud, Mobile & Virtual Security Solutions. N.p., n.d. Web. 23 Feb. 2014.
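
The keyword filter in the HackerWeb SQL query on slide 15 matches substrings, so `'%bot%'` also selects posts containing "both" or "bottled". The following is an added example, not code from the presentation: it runs the slide's two keyword lists over constructed sample posts, once with `LIKE` and once with a hypothetical whole-word filter, to show how much the substring match over-collects. It assumes an in-memory SQLite table standing in for `vctoolposts`, with only the `postID` and `flatContent` columns.

```python
import re
import sqlite3

# Keyword lists copied from the slide's query.
MALWARE = ["spyeye", "zues", "zeus", "zbot", "botnet", "bot"]
COMMERCE = ["purchase", "buy", "sell", "money", "cost"]

# Constructed sample posts (not HackerWeb data).
POSTS = [
    (1, "Selling Zeus builder, cost is negotiable"),
    (2, "We both lost money on that robot vacuum"),
    (3, "Anyone want to buy a SpyEye license?"),
    (4, "Costco sells bottled water"),
    (5, "zbot config question, nothing for sale"),
]

def like_filter(posts):
    """Substring match, as in the slide's SQL (LIKE '%term%')."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE vctoolposts (postID INTEGER, flatContent TEXT)")
    db.executemany("INSERT INTO vctoolposts VALUES (?, ?)", posts)
    any_of = lambda terms: " OR ".join("lower(flatContent) LIKE ?" for _ in terms)
    sql = (f"SELECT postID FROM vctoolposts WHERE ({any_of(MALWARE)}) "
           f"AND ({any_of(COMMERCE)}) ORDER BY postID")
    params = [f"%{t}%" for t in MALWARE + COMMERCE]
    return [row[0] for row in db.execute(sql, params)]

def token_filter(posts):
    """Hypothetical alternative: whole-word match with simple suffixes."""
    def hit(terms, text):
        pat = r"\b(?:%s)(?:s|ing|ed)?\b" % "|".join(map(re.escape, terms))
        return re.search(pat, text, re.IGNORECASE) is not None
    return [pid for pid, text in posts if hit(MALWARE, text) and hit(COMMERCE, text)]

if __name__ == "__main__":
    print("LIKE filter :", like_filter(POSTS))
    print("token filter:", token_filter(POSTS))
```

Whole-word matching trades recall for precision: it drops the unrelated posts, but it would also miss compound spellings that the substring match catches, so the keyword list needs review either way.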
