Infected Target: 192.168.71.2
Score: 1.0 (>= 0.8)
Infector List:
Egg Source List:
C & C List:
Peer Coord. List:
Resource List: 192.168.71.163 (2)
Observed Start: 07/07/2008 21:14:52.402 PDT
Gen. Time: 07/07/2008 21:19:19.173 PDT

INBOUND SCAN
EXPLOIT
EXPLOIT (slade)
EGG DOWNLOAD
C and C TRAFFIC
PEER COORDINATION
OUTBOUND SCAN
    192.168.71.163 (3) (21:14:54.592 PDT)
    event=777:7777005 (3) {tcp} E5[bh] Detected moderate malware port scanning of 9 IPs (5 /24s) (# pkts S/M/O/I=12/64/5/5): 137u:53, 138u:11
    0<-0 (21:14:54.592 PDT)
    0<-0 (21:17:19.055 PDT)
    0<-0 (21:19:19.173 PDT)
ATTACK PREP
    192.168.71.163 (2) (21:14:52.402 PDT)
    event=1:2600098 {udp} E6[rb] SPYWARE-DNS DNS lookup 10 chars (.com) 53<-1026 (21:14:52.402 PDT)
    -------------------------
    event=1:2600137 {udp} E6[rb] SPYWARE-DNS DNS lookup 4 chars (.com) 53<-1026 (21:14:54.598 PDT)
DECLARE BOT

tcpslice 1215490492.402 1215490492.403 inputFile.tcpd | tcpdump -r - -w outputFile.tcpd 'host 192.168.71.2'