BotHunter Daily Analysis Index

BotHunter ®
Cyber-TA Internet Release
Computer Science Laboratory
SRI International

SAMPLE NAME: Lewor.Z_botHunter.txt
Last Updated: Tue Dec 29 13:38:31 2009

www.BOTHUNTER.net

Victim IP	Max Score	Profiles	CCs	Events
192.168.71.2	2.0	VIEW 1	192.168.71.158 Country: (Private Address) City: (Private Address).	777:7777005 (2) {udp} Outbound Scan: Detected moderate malware port scanning of 20 IPs (13 /24s) (# pkts S/M/O/I=140/409/14/16): 137u:383, 138u:26 1:2600144 {udp} Attack Prep: SPYWARE-DNS DNS lookup 6 chars (.com); 53<-3029 1:2600332 {udp} Attack Prep: SPYWARE-DNS DNS lookup 7 chars (.net); 53<-3029 777:7777008 {tcp} Malware Scan: Detected intense malware port scanning of 21 IPs (14 /24s) (# pkts S/M/O/I=158/420/14/16): 137u:394, 138u:26