BotHunter ®
  Cyber-TA Internet Release
  Computer Science Laboratory
  SRI International


  SAMPLE NAME:    Spyware1_botHunter.txt
  Last Updated: Tue Dec 29 11:45:03 2009
www.BOTHUNTER.net


Victim IP: 192.168.71.130
Max Score: 1.5
Profiles: 1

CCs:
  • 204.160.122.124 Country: United States (Us), City: (Unknown City).
  • 89.188.16.34 Country: United States (Us), City: Owatonna, Mn.

Events:
  • 1:2007772 {tcp} C&C Communication: ET MALWARE Suspicious User Agent (Internet Explorer (compatible)); 3010->80
  • 1:2007142 {tcp} C&C Communication: ET TROJAN Virtumonde Variant Reporting to Controller via HTTP; 3009->80
  • 777:7777005 (3) {tcp} Outbound Scan: Detected moderate malware port scanning of 9 IPs (7 /24s) (# pkts S/M/O/I=10/87/5/5): 137u:70, 138u:17
  • 1:2600109 {udp} Attack Prep: SPYWARE-DNS DNS lookup 14 chars (.com); 1027->53