BotHunter ®
  Cyber-TA Internet Release
  Computer Science Laboratory
  SRI International


  SAMPLE NAME:    AdRotator1.A_botHunter.txt
  Last Updated: Sun Dec 27 20:55:07 2009
www.BOTHUNTER.net


Victim IP: 192.168.71.171
Max Score: 1.5
Profiles: VIEW 1
CCs:
  • 85.92.158.75 (85-92-158-75.Reasonnet.Com), Country: Netherlands (Nl), City: (Unknown City).
Events:
  • 1:2008371 {tcp} C&C Communication: ET MALWARE Likely Ad-ware installation phoning home (success and NSISDL User-Agent); 3007->80
  • 777:7777005 (3) {tcp} Outbound Scan: Detected intense non-malware port scanning of 21 IPs (16 /24s) (# pkts S/M/O/I=176/13/4/5): 53u:20, 123u:1, 1900u:3, 80:156
  • 1:2600151 {udp} Attack Prep: SPYWARE-DNS DNS lookup 9 chars (.com); 3024->53