Infected Target: 192.168.71.196
Score: 1.8 (>= 0.8)
Infector List:
Egg Source List:
C & C List: 221.6.6.232 (2)
Peer Coord. List:
Resource List: 192.168.71.2
Observed Start: 07/20/2008 23:13:21.851 PDT
Report End: 07/20/2008 23:19:24.121 PDT
Gen. Time: 07/20/2008 23:19:24.121 PDT

INBOUND SCAN

EXPLOIT

EXPLOIT (slade)

EGG DOWNLOAD

C and C TRAFFIC
221.6.6.232 (2) (23:13:22.292 PDT)
event=1:2000355 {tcp} E4[rb] ET POLICY IRC authorization message 3008<-81 (23:13:22.646 PDT)
-------------------------
event=1:2008124 {tcp} E4[rb] ET TROJAN Likely Bot Nick in IRC (USA +..) 3008->81 (23:13:22.292 PDT)

PEER COORDINATION

OUTBOUND SCAN

ATTACK PREP
192.168.71.2 (23:13:21.851 PDT)
event=1:2600100 {udp} E6[rb] SPYWARE-DNS DNS lookup 10 chars (.com) 1026->53 (23:13:21.851 PDT)

DECLARE BOT
221.6.6.232 (3) (23:13:21.957 PDT-23:19:24.121 PDT)
event=1:2404006 (3) {tcp} E8[rb] ET DROP Known Bot C&C Server Traffic (group 7) 3: 3008->81 (23:13:21.957 PDT-23:19:24.121 PDT)

tcpslice 1216620801.851 1216621164.122 inputFile.tcpd | tcpdump -r - -w outputFile.tcpd 'host 192.168.71.196'