1. M. Sikorski and A. Honig, Practical Malware Analysis, The Hands-On Guide to Dissecting Malicious Software, San Francisco: No Starch Press, 2012.

2. J. Seitz, Gray Hat Python: Python Programming for Hackers and Reverse Engineers, San Francisco: No Starch Press, 2009.

3. Malware Forensics Field Guide for Windows Systems: Digital Forensics Field Guides, Waltham: Syngress, 2012.

4. C. Eagle, The IDA Pro book : The Unofficial Guide to the World’s Most Popular Disassembler, San Francisco: No Starch Press, 2011.

5. A. Singh, Identifying Malicious Code Through Reverse Engineering (Advances in Information Security), New York: Springer, 2009.

6. H. Binsalleeh, T. Ormerod, A. Boukhtouta, P. Sinha, A. Youssef, M. Debbabi and L. Wang, “On the Analysis of the Zeus Botnet Crimeware Toolkit,” in Int’l Conference on Privacy Security and Trust (PST), Ottawa, 2010.

7. A. Rahimian, P. Charland, S. Preda and M. Debbabi, “RESource: A Framework for Online Matching of Assembly with Open Source Code,” in Int’l Conference on Foundations and Practice of Security (FPS), Montreal, 2012.

8. P. Charland and B. C. M. Fung and M. R. Farhadi, “Clone Search for Malicious Code Correlation,” in NATO RTO Symposium on Information Assurance and Cyber Defense (IST-111), Koblenz, 2012.

9. A. Saebjornsen, J. Willcock, T. Panas, D. Quinlan and Z. Su, “Detecting Code Clones in Binary Executables”, in Int’l Symposium on Software Testing and Analysis (ISSTA), Chicago, 2009.

10. R. Sherstobitoff, “Inside the World of the Citadel Trojan,” McAfee, 2013.

11. AnhLab ASEC, “Malware Analysis: Citadel,” December 2012. [Online]. Available: http://seifreed.es/docs/Citadel Troja Report_eng.pdf. [Accessed May 2013].

12. J. Wyke, “The Citadel Crimeware Kit - Under the Microscope,” December 2012. [Online]. Available: http://nakedsecurity.sophos.com/2012/12/05/the-citadel-crimeware-kit-under-the-microscope/. [Accessed May 2013].

13. CERT Polska, “Takedown of the plitfi Citadel botnet,” April 2013. [Online]. Available: http://www.cert.pl/PDF/Report_Citadel_plitfi_EN.pdf. [Accessed May 2013].

14. Microsoft Digital Crimes Unit, “Microsoft, financial services and others join forces to combat massive cybercrime ring,” June 2013. [Online]. Available: http://www.microsoft.com/en-us/news/Press/2013/Jun13/06-05DCUPR.aspx. [Accessed June 2013].

15. J. Vincent, “$500 million botnet Citadel attacked by Microsoft and the FBI: Joint operation identified more than 1000 botnets, but operations continue,” June 2013. [Online]. Available: http://www.independent.co.uk/life-style/gadgets-and-tech/news/500-million-botnet-citadel-attacked-by-microsoft-and-the-fbi-8647594.html. [Accessed June 2013].

16. “List of Domain Names by Registry (Citadel),” June 2013. [Online]. Available: http://botnetlegalnotice.com/citadel/files/Compl_App_A.pdf.

17. J. Milletary, “Citadel Trojan Malware Analysis,” Dell SecureWorks, 2012.

18. “Immunity Debugger: The Best of Both Worlds,” Immunity, 2013. [Online]. Available: http://www.immunityinc.com/products-immdbg.shtml.

19. “IDA Pro: Multi-processor Disassembler and Debugger,” Hex-Rays, 2013. [Online]. Available: https://www.hex-rays.com/products/ida/debugger/index.shtml.

20. “The Volatility Framework: Volatile Memory (RAM) Artifact Extraction Utility Framework,” Volatile Systems, 2013. [Online]. Available: https://www.volatilesystems.com/default/volatility.

21. G. Bonfante, J. Marion, F. Sabatier and A. Thierry, “Code Synchronization by Morphological Analysis”, in Int’l Conference on Malicious and Unwanted Software (MALWARE), Washington, 2012.