{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,28]],"date-time":"2025-08-28T00:06:18Z","timestamp":1756339578794,"version":"3.44.0"},"reference-count":28,"publisher":"IEEE","license":[{"start":{"date-parts":[[2011,11,1]],"date-time":"2011-11-01T00:00:00Z","timestamp":1320105600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2011,11,1]],"date-time":"2011-11-01T00:00:00Z","timestamp":1320105600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2011,11]]},"DOI":"10.1109\/ecrime.2011.6151981","type":"proceedings-article","created":{"date-parts":[[2012,2,22]],"date-time":"2012-02-22T15:27:28Z","timestamp":1329924448000},"page":"1-9","source":"Crossref","is-referenced-by-count":8,"title":["Taming Zeus by leveraging its own crypto internals"],"prefix":"10.1109","author":[{"given":"Marco","family":"Riccardi","sequence":"first","affiliation":[{"name":"eSecurity Research Group, Barcelona Digital Technology Centre, Barcelona, Spain"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Roberto","family":"Di Pietro","sequence":"additional","affiliation":[{"name":"eSecurity Research Group, Barcelona Digital Technology Centre, Barcelona, Spain"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jorge Aguila","family":"Vila","sequence":"additional","affiliation":[{"name":"CSIRT, La Caixa, Barcelona, Spain"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"19","doi-asserted-by":"publisher","DOI":"10.1109\/PST.2010.5593240"},{"key":"17","doi-asserted-by":"publisher","DOI":"10.1109\/SECURWARE.2010.39"},{"key":"18","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1145\/1278940.1278942","article-title":"Cent, five cent, ten cent, dollar: Hitting botnets where it really hurts","author":"ford","year":"2006","journal-title":"Proceedings of the 2006 Workshop on New Security Paradigms"},{"key":"15","first-page":"12","article-title":"Bothunter: Detecting malware infection through ids-driven dialog correlation","author":"gu","year":"2007","journal-title":"Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium"},{"key":"16","doi-asserted-by":"crossref","first-page":"128","DOI":"10.1145\/1315245.1315262","article-title":"Stealthy malware detection through vmm-based out-of-the-box semantic view reconstruction","author":"jiang","year":"2007","journal-title":"Proceedings of the 14th ACM conference on Computer and Communications Security"},{"key":"13","doi-asserted-by":"publisher","DOI":"10.1109\/SecTech.2008.53"},{"key":"14","first-page":"47","article-title":"Preventing botnet damage technique and its effect using bot dns sinkhole","volume":"15","author":"kim","year":"2009","journal-title":"Journal of KISS (C) Computing Practices"},{"key":"11","doi-asserted-by":"crossref","first-page":"307","DOI":"10.1007\/978-3-642-01244-0_27","article-title":"Ngbpa next generation botnet protocol analysis","author":"leder","year":"2009","journal-title":"Emerging Challenges for Security Privacy and Trust"},{"key":"12","first-page":"107","article-title":"A new bot disinfection method based on dns sinkhole","volume":"18","author":"kim","year":"2008","journal-title":"Journal of KIISC"},{"key":"21","doi-asserted-by":"crossref","DOI":"10.1201\/9781420091281","author":"howard","year":"2009","journal-title":"Cyber Fraud Tactics Techniques and Procedures"},{"journal-title":"[Prg] Malware Case Study","year":"2006","author":"corporation","key":"20"},{"journal-title":"Top-10 Botnet Outbreaks in 2009 [Online]","year":"2009","key":"22"},{"journal-title":"Banking Malware Zeus Successfully Bypasses Anti-virus Detection [Online]","year":"2010","key":"23"},{"journal-title":"Zeus Source Code for Sale Got 100 000 Dollars? [Online]","year":"2011","key":"24"},{"journal-title":"Zeus Tracker [Online]","year":"2011","key":"25"},{"journal-title":"Google Translate Service [Online]","year":"2011","key":"26"},{"journal-title":"Annuncing Pcapr-local [Online]","year":"2011","key":"27"},{"journal-title":"Imacros Plugin [Online]","year":"0","key":"28"},{"key":"3","doi-asserted-by":"publisher","DOI":"10.1109\/WOWMOM.2006.87"},{"key":"2","article-title":"Impeding malware analysis using conditional code obfuscation","author":"sharif","year":"2008","journal-title":"Network and Distributed System Security (NDSS)"},{"key":"10","doi-asserted-by":"publisher","DOI":"10.1109\/PCCC.2009.5403858"},{"journal-title":"Norton Cybercrime Report 2011 [Online]","year":"2011","key":"1"},{"key":"7","first-page":"52","article-title":"The Dorothy Project: An Open Botnet Analysis Framework for Automatic Tracking and Activity Visualization","author":"cremonini","year":"2010","journal-title":"Proceedings of the 5th European Conference on Computer Network Defense (EC2ND)"},{"key":"6","article-title":"Know your enemy: Tracking botnets","author":"bacher","year":"2005","journal-title":"The Honeynet Project"},{"key":"5","article-title":"Honeytokens: The other honeypot","volume":"21","author":"spitzner","year":"2003","journal-title":"Security Focus"},{"key":"4","article-title":"A forensic framework for tracing phishers","author":"birk","year":"0","journal-title":"IFIP Summer School on the Future of Identity in the Information Society Karlstad Sweden 2007"},{"key":"9","article-title":"Binary code extraction and interface identification for security applications","author":"caballero","year":"0","journal-title":"ISOC NDSS'10 2010"},{"key":"8","doi-asserted-by":"publisher","DOI":"10.1109\/eCrime.2011.6151981"}],"event":{"name":"2011 eCrime Researchers Summit (eCrime 2011)","start":{"date-parts":[[2011,11,7]]},"location":"San Diego, CA, USA","end":{"date-parts":[[2011,11,9]]}},"container-title":["2011 eCrime Researchers Summit"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx5\/6146508\/6151974\/06151981.pdf?arnumber=6151981","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,27]],"date-time":"2025-08-27T18:27:53Z","timestamp":1756319273000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/6151981\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011,11]]},"references-count":28,"URL":"https:\/\/doi.org\/10.1109\/ecrime.2011.6151981","relation":{},"subject":[],"published":{"date-parts":[[2011,11]]}}}