The Italian Honey Project

[..]In the new version of the Trojan, the authors focus on eliminating the weakest link – a centralized system of information distribution.
Previous versions of Zeus were based on one (or few) predefined addresses which were used for botnet management. This allowed for relatively easy tracking and blocking of servers, thus rendering the botnet useless. However, the analysed variant of the Trojan used two new channels of communication to receive orders (figure on right):

1. Communication in a peer-to-peer network
2. Domain names Generation Mechanism

This variant has been analyzed to some extent by other researchers before – there is information on the web on the new variant of Zeus (eg abuse.ch ), however – based on our knowledge – previous research has focused on registering and monitoring traffic to Zeus domains. In our work we focus on understanding the P2P network communication mechanisms, mapping out the network, and monitoring the exchange of information in this particular network. [..]

via CERT Polska » Blog Archive » ZeuS – P2P+DGA variant – mapping out and understanding the threat.