UNIVERSITI KUALA LUMPUR

MALAYSIAN INSTITUTE OF INFORMATION TECHNOLOGY

WPB49804
FINAL YEAR PROJECT
ZEUS DETECTION SYSTEM ON WEBSITE IN WINDOWS
PLATFORM

NO
.
1.

NAME

ID

NURUL NAZIAH BINTI ROHMAN

52261113688

SUPERVISOR
MADAM MARDIANA BT MAHARI

UNIVERSITI KUALA LUMPUR MALAYSIAN INSTITUTE OF INFORMATION

TECHNOLOGY
SESSION JAN - MAY 2016

Chapter 1: Introduction
1. Introduction
Nowadays, there are millions of internet users have been attacked via e-mail by a
mass of infections and worms across the globe. However, a disastrous infection or worm
outbreak creating incredible misfortune has not been seen lately. This does not mean that the
Internet is considerably more secure, but rather more vulnerable since attackers have moved
their strategy to trading off and controlling computers' of the victims; an assault plan which
gives more potential to individual benefit and assault capacity. This lucrative assault subject
has created an extensive number of botnets in current Internet (Joshi & Sardana, 2011).
2. Problem Statement
Botnet now show an extraordinarily dangerous computerized crime for Internet and
computer system. Botnet threats fall into two classifications. The first classification is that
botnet can be access by botmaster remotely to run any order originate from botmaster in
victims' computers and return results to him while the next classification is that botnet can be
allowed to keep on running in victims' computers without the users notice. In this way,
millions of users might have bots running in their computers without them knowing anything
about it.
Zeus is one of the dangerous botnets available these days. It takes banking account for
profits of extensive financial and it can take any record such as password and username that
was typed in users computer in which had been contaminated by Zeus bot. For example, it
will sends records or social sites accounts, and so forth. Zeus is a group of malignant
programming that spotlights on taking passwords for monetary organizations, and
incorporates a few rootkit parts to give stealth capacities
3. Purpose
Purpose of this application is to record, break down, identify, and uproot Zeus bot in
Internet and computer systems. This application will record which website is vulnerable with
Zeus bot and break down its function. From there on, this application will identify the main
part of the website that is the source of Zeus and uproot/remove it from the system.

4. Objective
i.
ii.
iii.
iv.

To create an application that runs in the background which will provide extra
protection against Zeus malware.
To develop a simple, light and user friendly application that will only take up a
bit of the systems memory.
To detect Zeus using the application.
To prevent/remove Zeus using the application.

5. Problem Statement
Zeus is a bundle of malware in which is available to be purchased as well as trade via
underground business. The bundle contains a builder that can produce a bot executable file as
well as Web server records such as PHP, pictures, and SQL layouts for use as the control
server and command. While Zbot is a non-specific secondary passage that permits full control
by an unapproved remote client, the essential capacity of Zbot is monetary benefittaking
online certifications, for example, FTP, email, internet keeping money, and other online
passwords (Gu & Roberto, 2008; Falliere & Chien, 2009). This project is encouraged by the
needs of a system that will provide early warning to users regarding Zeus malware threats.
Thus, in addition to this, it will prevent Zeus activities from running in the Internet and
computer systems.
6. Project Scope
This project focuses on developing a personalized stand-alone malware detection
system. This stand-alone development will be used to analyze the Internet and computer
systems to prevent an attack from Zeus bot only.
5.1 User Scope
This application need to be install in a user computer in order to start functioning.
Thus, the user will need to install the application and give permission for the application to
run in the background silently without interrupting any other function as the application will
be requesting for it. In case there is a detection, website will directly be blocked with a
display of warning message by the application to the user.
5.2 System Scope
This application will be created by using Python as the main programming language.
The main Integrated Development Environment that will be used during the development of
this application is Visual Studio. Signature of the Zeus will be stored in the system library.

The input data for this application will be the detection of Zeus signature. From this input, the
output will be based on whether Zeus are detected or not in which will result in the
prevention for websites access.
6

Significance of the project

Development of this application can open up new potentials, approaches and

techniques that can be utilized to a certain limitations especially in helping the future
researches in developing the new way of investigating and developing more specific
malware-based applications. Apart from that, this project will also be helping in creating a
platform that will be able to help in detecting and preventing Zeus botnet because even with
the most up-to-date antivirus, Zeus is considered as being hard to detect since it used stealth
techniques to hide itself.
References
Falliere, N., & Chien, E. (2009). Zeus: King of the Bots. Cupertino, CA: Symantec
Corporation.
Gu, G., & Roberto, R. (2008). Botminer: Clustering Analysis Of Network Traffic For
Protocol- And Structure-Independent Botnet Detection. San Jose, CA: The 17th
USENIX Security Symposium.
Joshi, R., & Sardana, A. (2011). Honeypots A New Paradigm To Information Security.
Enfield, NH: Science Publishers.