The ZeuS family of banking trojans remains probably one of the most serious threats to end users on today’s Internet. In this talk, we will cover some history of the evolution of the trojan, its inner workings, and how it looks today. An overview of our experiences in analyzing the trojan and ZeuS botnets will be given, with particular focus on ZiTMo and the latest ZeuS P2P variants.
We will also show how cooperation between various stakeholders in Poland allowed for a quick and accurate assessment of a ZiTMo outbreak in early 2011, in spite of some historical media hype surrounding the event. Finally, a comparison will also be made with its great rival — SpyEye.