Zeus Domain Generation Algorithm (DGA)
Author: Chong Rong Hwa
According to CERT Polska, the Peer-to-Peer (P2P) variant of Zeus that uses a Domain Generation Algorithm (DGA) has been observed in active use since autumn 2011 (CERT Polska, 2012). Matching live traffic against the regular expression provided by CERT Polska revealed that the Zeus DGA had changed (Trend Micro, 2010). This paper details the internals of the new DGA and explains how its pseudo-random domains are generated, based on analysis of a Zeus sample with MD5 "AC2DE30367DF1DAC0A986D83E98E8223". The Honeynet Project, Singapore Chapter, believes this finding could help the research community to "predict" Zeus-related malicious domains.
Read the Full Write-Up: Link