ICONSAD 2021, Antalya, Turkey, 22 - 25 May 2022, pp.248-257
With the development of the IoT, many technological changes such as the
digitalization of the banking sector and smart cities have brought security gaps. In addition to
this situation, users carelessly use PC, smartphones, tablets, etc. So that has made the attacks
even more flavorful. As a result of this situation, cyber crimes are increasing day by day. This
situation, which is a suitable environment for botmasters, provides the opportunity to perform
mass attacks using Command and Control (C&C) servers. Firewall and antivirus programs
use detection methods using virus signature while performing protection, but this alone is not
enough. Additionally, listening for network traffic increases protection. Meet the deficit of the
system and detecting botnets and Trojans in the network are vital for both network security
and prevention of cyberattacks. Botnets tend to hide from antivirus and protection programs
when attacking. So they update themselves. Detecting and revealing the hiding methods of
each botnet is extremely important for the detection of their behavior. The behavior of Spyeye
is observed, which is derived from Zeus banking malware and acts as a botnet, by making
dynamic and static analyses. By presenting examples of packet traffic analysis, which are
important for preventing and stopping attacks, a comparison process and analysis are aimed in
this study.