BotHunter ®
  Cyber-TA Internet Release
  Computer Science Laboratory
  SRI International


  SAMPLE NAME:    Symantec_RTVScan_Exploit_botHunter.txt
  Last Updated: Tue Dec 29 13:39:03 2009
www.BOTHUNTER.net


Victim IP
Max Score
Profiles
CCs
Events
192.168.1.175
1.3 VIEW 2
  • 1:22003250 {tcp} Inbound Attack: ET EXPLOIT Symantec Remote Management RTVScan Exploit MAC_Dst: 00:00:5E:00:01:6F; 2967<-2692
  • 1:552123 {tcp} Outbound Attack: REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner; 1055->56
  • 1:2000419 {tcp} Egg Download: ET POLICY PE EXE or DLL Windows file download; 1058<-20
  • 1:2000427 {tcp} Egg Download: ET POLICY PE EXE Install Windows file download; 1058<-20