BotHunter ®
  Cyber-TA Internet Release
  Computer Science Laboratory
  SRI International


  SAMPLE NAME:    Spy21_botHunter.txt
  Last Updated: Tue Dec 29 11:44:56 2009
BOTHUNTER LOGO
www.BOTHUNTER.net


Victim IP
 		Max Score
 		Profiles
 		CCs
 		Events
192.168.71.131
 1.5 VIEW 1
  • 85.92.158.75 (85-92-158-75.Reasonnet.Com), Country: Netherlands (Nl), City: (Unknown City).
  • 72.55.140.184 (Ip-72-55-140-184.Static.Privatedns.Com), Country: Canada (Ca), City: Montreal.
  • 1:2008371 {tcp} C&C Communication: ET MALWARE Likely Ad-ware installation phoning home (success and NSISDL User-Agent); 3195->80
  • 1:2008279 (2) {tcp} C&C Communication: ET MALWARE ZenoSearch Spyware User-Agent; 3194->80
  • 777:7777005 (3) {tcp} Outbound Scan: Detected intense non-malware port scanning of 21 IPs (18 /24s) (# pkts S/M/O/I=193/0/17/24): 53u:31, 80:162, 67u:14, 443:3
  • 1:2600098 {udp} Attack Prep: SPYWARE-DNS DNS lookup 10 chars (.com); 1026->53
  • 1:2600110 {udp} Attack Prep: SPYWARE-DNS DNS lookup 14 chars (.com); 1026->53
  • 1:2600144 {udp} Attack Prep: SPYWARE-DNS DNS lookup 6 chars (.com); 1026->53