BotHunter ®
  Cyber-TA Internet Release
  Computer Science Laboratory
  SRI International


  SAMPLE NAME:    Sobit_botHunter.txt
  Last Updated: Tue Dec 29 11:44:52 2009
www.BOTHUNTER.net


Victim IP: 192.168.71.2
Max Score: 1.0
Profiles: VIEW 1
CCs: (none listed)
Events:
  • 777:7777005 (3) {tcp} Outbound Scan: Detected moderate malware port scanning of 9 IPs (5 /24s) (# pkts S/M/O/I=12/64/5/5): 137u:53, 138u:11
  • 1:2600098 {udp} Attack Prep: SPYWARE-DNS DNS lookup 10 chars (.com); 53<-1026
  • 1:2600137 {udp} Attack Prep: SPYWARE-DNS DNS lookup 4 chars (.com); 53<-1026