
22.05.2018

The Big Zeus Family Similarity Showdown v2

Good day!

I've spent a couple of hours updating the Big Zeus Family Similarity Rundown, which now includes almost twice as many samples.

First, I would like to thank Maciej Kotowicz and Dennis Schwarz for both their valuable input and contributions to the data from which this analysis was created.

The Rundown now includes 99 versions of 14 families (before: 52 versions of 10 families).
Thanks to many contributions in Malpedia, I was able to increase the coverage of PandaBanker massively. With the additions to VMZeus, their direct connection and code evolution are now much more obvious.

Here is a preview, but you probably want to check out the data on its dedicated page.
Preview of the data

14.01.2018

The Big Zeus Family Similarity Showdown

Dear followers of this blog, I wish you a happy new year!

About a month ago, I launched my latest project: Malpedia (slides here).
Since the launch, we have grown by about 350 users and have a stable average of 10 proposals/contributions per day. I hope that Malpedia will become a really useful resource for malware research over time!

This blog post shall serve as a demonstration of what you can do with this malware corpus.
Over the last couple of days, I have taken all dumps for versions of Zeus-related families and created a similarity matrix for them, using IDA Pro and BinDiff.

It looks like this:

Screenshot of "The Big Zeus Family Similarity Showdown"
Because I want to update this document over time, I have decided to host it on a dedicated page over at pnx.tf instead of on this blog. Over there, you can find more information on the families included and the methodology I used to create it.