Wikipedia:Peer review/Gameover ZeuS/archive1

From Wikipedia, the free encyclopedia

Hello, I have made a large edit to this article which used to be a stub and I want to know where it can be improved. The main things I am worried about are readability and whether or not various details should/shouldn't be in the article. Thank you in advance.

Eithersummer (talk) 08:29, 23 July 2023 (UTC)


Hello, thanks for your contribution. At first glance this looks interesting, well sourced, and well written. I will be continuing the review below by section. I think once these comments are addressed this should be submitted for GA nomination. Czarking0 (talk) 23:33, 21 September 2023 (UTC)

Overview

Evgeniy Bogachev should have a stub page made.

Botnet structure

At the end I think it would be worth mentioning that some of the botnets were migrated from previous versions of Zeus. Also this section should include the diagram from Andriesse et al. which shows the network topology (Figure 1).

Security

Define what you mean by sensors in this section.

"The DGA generated one thousand domains every week and each bot would attempt to contact every domain; this meant that if the botnet's current C2 servers were in danger of being shut down, the botmasters could set up a new server using a domain in the generated list and re-establish control over the network" Is there a known case of this actually happening? That would be worth mentioning here.

Management

In this section I think the profit sharing agreement and fact that not all members had equal access is notable. [1]. Potentially worth showing the depictions of the C2 GUI from [2].

Bank Theft

I like how Curtail is mentioned as the tool for distributing the malware. I think you should mention the use of Dirt Jumper for the DDoS attacks. It was also not clear to me how the DDoS aids the stealing of the funds until I read Gross, Garrett (March 2016). "Detecting and destroying botnets". Network Security. 2016 (3): 8. doi:10.1016/S1353-4858(16)30027-7. ISSN 1353-4858. OCLC 6017168570. S2CID 29356524.

Should the map of where the funds ended from [3].

CryptoLocker

The massive difference in funds stolen makes me question the sources. Is it possible to clean this up? Maybe this is just a good way to be unbiased.

Overall looking good

  1. Sandee 2015, p. 7.
  2. Sandee 2015, p. 16.
  3. Sandee 2015, p. 18.