{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,19]],"date-time":"2025-03-19T13:29:11Z","timestamp":1742390951258},"publisher-location":"Berlin, Heidelberg","reference-count":25,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642012433"},{"type":"electronic","value":"9783642012440"}],"license":[{"start":{"date-parts":[[2009,1,1]],"date-time":"2009-01-01T00:00:00Z","timestamp":1230768000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2009]]},"DOI":"10.1007\/978-3-642-01244-0_27","type":"book-chapter","created":{"date-parts":[[2009,5,23]],"date-time":"2009-05-23T04:53:02Z","timestamp":1243054382000},"page":"307-317","source":"Crossref","is-referenced-by-count":8,"title":["NGBPA Next Generation BotNet Protocol Analysis"],"prefix":"10.1007","author":[{"given":"Felix S.","family":"Leder","sequence":"first","affiliation":[]},{"given":"Peter","family":"Martini","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"27_CR1","unstructured":"Amini, P.: PyDbg - A pure Python win32 debugging abstraction class last visit (l.v.) 
(October 2008), \n                    \n                      http:\/\/pedram.redhive.com\/PyDbg\/"},{"key":"27_CR2","unstructured":"Amini, P.: Kraken Botnet Infiltration, Blog on DVLabs (April 2008), \n                    \n                      http:\/\/dvlabs.tippingpoint.com\/blog\/2008\/04\/28\/kraken-botnet-infiltration"},{"key":"27_CR3","unstructured":"Amini, P.: PaiMei - Reverse Engineering Automization (October 2008), \n                    \n                      http:\/\/pedram.redhive.com\/research\/reverse_engineering_automation\/"},{"key":"27_CR4","unstructured":"Archer and FEUERRADER, QuickUnpack, (August 2008), \n                    \n                      http:\/\/reversengineering.wordpress.com\/2007\/10\/06\/quick-unpack-v20-final\/"},{"key":"27_CR5","unstructured":"Bayer, U., Kruegel, C., Kirda, E.: TTAnalyze: A Tool for Analyzing Malware. In: 15th Annual Conference of the European Institute for Computer Antivirus Research (EICAR) (2006)"},{"key":"27_CR6","unstructured":"Bellard, F.: QEMU, a Fast and Portable Dynamic Translator. In: USENIX Annual Technical Conference (2005)"},{"key":"27_CR7","unstructured":"Brulez, N.: Unpacking Storm Worm (August 2008), \n                    \n                      http:\/\/securitylabs.websense.com\/content\/Blogs\/3127.aspx"},{"key":"27_CR8","doi-asserted-by":"crossref","unstructured":"Christodorescu, M., et al.: Semantics-aware malware detection. In: IEEE Symposium on Security and Privacy (2005)","DOI":"10.1109\/SP.2005.20"},{"key":"27_CR9","unstructured":"Combs, G.: Wireshark - network protocol analyzer (October 2008), \n                    \n                      http:\/\/www.wireshark.org"},{"key":"27_CR10","unstructured":"Dittrich, D., Dietrich, S.: Command and control structures in malware. 
Usenix magazine\u00a032(6) (December 2007)"},{"key":"27_CR11","unstructured":"Russinovich, R., Cogswell, B.: Windows Sysinternals (October 2008), \n                    \n                      http:\/\/technet.microsoft.com\/en-us\/sysinternals\/default.aspx"},{"key":"27_CR12","unstructured":"Fisher, D.: Storm, Nugache lead dangerous new botnet barrage, Article (October 2008), \n                    \n                      http:\/\/searchsecurity.techtarget.com\/news\/article\/0,289142,sid14_gci1286808,00.html"},{"key":"27_CR13","volume-title":"Rootkits","author":"G. Hoglund","year":"2005","unstructured":"Hoglund, G., Butler, J.: Rootkits. Addison Wesley, Reading (2005)"},{"key":"27_CR14","unstructured":"Father, H.: Hooking Windows API - Technics of Hooking API Functions on Windows. CodeBreakers Journal\u00a01(2) (2004)"},{"key":"27_CR15","unstructured":"Immunity Inc., Immunity Debugger, (October 2008), \n                    \n                      http:\/\/www.immunitysec.com\/products-immdbg.shtml"},{"key":"27_CR16","doi-asserted-by":"crossref","unstructured":"Linn, C., Debray, S.: Obfuscation of executable code to improve resistance to static disassembly. In: Proceedings of the 10th ACM conference on Computer and communications security (2003)","DOI":"10.1145\/948109.948149"},{"key":"27_CR17","unstructured":"Pierce, C.: Owning Kraken Zombies, a Detailed Dissection, Blog on DVLabs (October 2008), \n                    \n                      http:\/\/dvlabs.tippingpoint.com\/blog\/2008\/04\/28\/owning-kraken-zombies"},{"key":"27_CR18","doi-asserted-by":"crossref","unstructured":"Royal, P., Halpin, M., Dagon, D., Edmonds, R., Lee, W.: PolyUnpack: Automating the Hidden-Code Extraction of Unpack-Executing Malware. 
In: ACSAC 2006: Proceedings of the 22nd Annual Computer Security Applications Conference on Annual Computer Security Applications Conference (2006)","DOI":"10.1109\/ACSAC.2006.38"},{"key":"27_CR19","unstructured":"Royal, P.: On the Kraken and Bobax Botnets, Whitepaper, Damballa (April 2008)"},{"key":"27_CR20","unstructured":"Shadowserver Foundation, ShadowServer Homepage (October 2008), \n                    \n                      http:\/\/shadowserver.org"},{"key":"27_CR21","volume-title":"The Art of Computer Virus Research and Defense","author":"P. Szor","year":"2005","unstructured":"Szor, P.: The Art of Computer Virus Research and Defense. Addison-Wesley, Reading (2005)"},{"key":"27_CR22","unstructured":"Symantec\u00a0Corp. Symantec Internet Security Threat Report Volume XIII, Whitepaper (April 2008)"},{"key":"27_CR23","unstructured":"Wicherski, G.: botsnoopd - Sniffing on Botnets, Blog (October 2008), \n                    \n                      http:\/\/blog.oxff.net\/2006\/10\/botsnoopd-sniffing-on-botnets.html"},{"key":"27_CR24","doi-asserted-by":"crossref","unstructured":"Willems, C., Holz, T., Freiling, F.: Toward Automated Dynamic Malware Analysis Using CWSandbox. 
In: IEEE Security & Privacy (2007)","DOI":"10.1109\/MSP.2007.45"},{"key":"27_CR25","unstructured":"Yuschuk, O.: OllyDbg Debugger (October 2008), \n                    \n                      http:\/\/www.ollydbg.de\/"}],"container-title":["IFIP Advances in Information and Communication Technology","Emerging Challenges for Security, Privacy and Trust"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-01244-0_27","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,3,8]],"date-time":"2019-03-08T03:19:53Z","timestamp":1552015193000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-01244-0_27"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2009]]},"ISBN":["9783642012433","9783642012440"],"references-count":25,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-01244-0_27","relation":{},"ISSN":["1868-4238","1868-422X"],"issn-type":[{"type":"print","value":"1868-4238"},{"type":"electronic","value":"1868-422X"}],"subject":[],"published":{"date-parts":[[2009]]}}}