Infected Target:  192.168.44.144

Score:            1.0 (>= 0.8)
Infector List:    <unobserved>
Egg Source List:  218.93.205.19
C & C List:       218.93.205.19
Peer Coord. List: <unobserved>
Resource List:    <unobserved>
Observed Start:   11/16/2009 12:38:11.885 PST
Gen. Time:        11/16/2009 12:38:12.089 PST

INBOUND SCAN
    <unobserved>
    
EXPLOIT
    <unobserved>
    
EXPLOIT MALWARE DNS
    <unobserved>
    
EGG DOWNLOAD
    218.93.205.19 (12:38:12.089 PST)
       event=1:2001894 {tcp} E3[rb] ET MALWARE ToolbarPartner Spyware Agent Partner Install, [/inst.php?id=32&sid=0] MAC_Src: 00:0E:39:DB:3C:00
          3350->80 (12:38:12.089 PST)
       
C and C TRAFFIC
    <unobserved>
    
C and C TRAFFIC (RBN)
    <unobserved>
    
C and C DNS CHECK-IN
    218.93.205.19 (12:38:11.885 PST)
       event=1:2632222 {tcp} E4[dns] BHDNS SPYWARE-CONTACT: dl.guarddog2009.com (trojan TDSS), [] MAC_Src: 00:0E:39:DB:3C:00
          3350->80 (12:38:11.885 PST)
       
OUTBOUND SKYPE CANDIDATE
    <unobserved>
    
OUTBOUND SCAN (spp)
    <unobserved>
    
OUTBOUND SCAN
    <unobserved>
    
ATTACK PREP
    <unobserved>
    
PEER COORDINATION
    <unobserved>
    
DECLARE BOT
    <unobserved>
    
tcpslice 1258403891.885 1258403891.886 inputFile.tcpd | tcpdump -r - -w outputFile.tcpd 'host 192.168.44.144'

============================== SEPARATOR ================================
Infected Target:  192.168.44.144

Score:            1.0 (>= 0.8)
Infector List:    <unobserved>
Egg Source List:  218.93.205.19
C & C List:       218.93.205.19 (2)
Peer Coord. List: <unobserved>
Resource List:    <unobserved>
Observed Start:   11/16/2009 12:38:03.947 PST
Gen. Time:        11/16/2009 12:41:47.069 PST

INBOUND SCAN
    <unobserved>
    
EXPLOIT
    <unobserved>
    
EXPLOIT MALWARE DNS
    <unobserved>
    
EGG DOWNLOAD
    218.93.205.19 (12:38:12.089 PST)
       event=1:2001894 {tcp} E3[rb] ET MALWARE ToolbarPartner Spyware Agent Partner Install, [/inst.php?id=32&sid=0] MAC_Src: 00:0E:39:DB:3C:00
          3350->80 (12:38:12.089 PST)
       
C and C TRAFFIC
    <unobserved>
    
C and C TRAFFIC (RBN)
    <unobserved>
    
C and C DNS CHECK-IN
    218.93.205.19 (2) (12:38:03.947 PST)
       event=1:2632222 (2) {tcp} E4[dns] BHDNS SPYWARE-CONTACT: dl.guarddog2009.com (trojan TDSS), [] MAC_Src: 00:0E:39:DB:3C:00
          3350->80 (12:38:11.885 PST)
          3349->80 (12:38:03.947 PST)
       
OUTBOUND SKYPE CANDIDATE
    <unobserved>
    
OUTBOUND SCAN (spp)
    <unobserved>
    
OUTBOUND SCAN
    <unobserved>
    
ATTACK PREP
    <unobserved>
    
PEER COORDINATION
    <unobserved>
    
DECLARE BOT
    <unobserved>
    
tcpslice 1258403883.947 1258403883.948 inputFile.tcpd | tcpdump -r - -w outputFile.tcpd 'host 192.168.44.144'

============================== SEPARATOR ================================