BotHunter ®
  Cyber-TA Internet Release
  Computer Science Laboratory
  SRI International


  SAMPLE NAME:    FindwhatSpyware_botHunter.txt
  Last Updated: Mon Dec 28 21:13:38 2009
www.BOTHUNTER.net


Victim IP: 192.168.21.219
Max Score: 1.0
Profiles: VIEW 3
CCs:
  • 94.75.207.170 (Hosted-By.Leaseweb.Com), Country: (Unknown Country?) City: (Unknown City?).
  • 66.150.51.151 Country: United States (Us), City: (Unknown City).
  • 204.137.28.195 (Static-204-137-28-195.Adknowledge.Com), Country: (Unknown Country?) City: (Unknown City?).
Events:
  • 1:2003380 (3) {tcp} Egg Download: ET TROJAN Suspicious User-Agent - Possible Trojan Downloader (ver18/ver19, etc), [/arkbp/atgdeerwwt.php]; 2302->80
  • 1:2003380 (12) {tcp} Egg Download: ET TROJAN Suspicious User-Agent - Possible Trojan Downloader (ver18/ver19, etc), [/arkbp/atgdeerwwt.php]; 2277->80
  • 1:2632222 {tcp} E4[dns] BHDNS SPYWARE-CONTACT: mcsmc.org (malware); 2341->80
  • 1:2003579 (2) {tcp} C&C Communication: ET MALWARE Findwhat.com Spyware (clickthrough), [/bin/findwhat.dll?clickthrough&y=52593&x=naqPFUOUOqatnql7SWGB05aNTv:G7adcs2q1P51SOFFjFwZsto6eNvVl7yOuoXpLwyVWxYePqn3oR::HbwgOZv]; 4720->80
  • 1:2632222 {tcp} E4[dns] BHDNS SPYWARE-CONTACT: mcsmc.org (malware); 4806->80
  • 1:2003579 (2) {tcp} C&C Communication: ET MALWARE Findwhat.com Spyware (clickthrough), [/bin/findwhat.dll?clickthrough&y=52593&x=Si2H7QdqZASNoCjrXI6DR4mr6UcpZ;Ejg42wm4a6KabLRqhFX8a7B3gv6Bc;6egffQVCw76LIC0wR8bh15S;RA]; 1076->80
  • 1:2003579 (4) {tcp} C&C Communication: ET MALWARE Findwhat.com Spyware (clickthrough), [/bin/findwhat.dll?clickthrough&y=52593&x=naqPFUOUOqatnql7SWGB05aNTv:G7adcs2q1P51SOFFjFwZsto6eNvVl7yOuoXpLwyVWxYePqn3oR::HbwgOZv]; 4720->80