SANS ISC: Bot net hunters get an improved tool from SRI bothunters

A new version of BotHunter, SRI's botnet detection tool, was recently released.
The release adds dynamic updating, an upgraded ruleset, a basic GUI, bug fixes,
malware-oriented scan detection, and a set of malware DNS-query detectors.
It supports Linux, FreeBSD, Mac OS X and Windows XP, and is also offered as a
Live CD so you can run it without installing it.
The tool uses some unusual correlation techniques: it watches the
multi-directional flow of traffic between potentially infected internal systems
and external systems, including C&C controllers, malware distribution sites, and so on.

"BotHunter flips the paradigm of classic network-based intrusion detection,"
says Phillip Porras, lead developer of the BotHunter project.
"Rather than monitoring who is trying to break into your network,
BotHunter detects those machines inside your network that are trying to
propagate infections or are being remotely controlled by external hackers."
BotHunter also includes a regular update service that allows fielded systems
to be updated with the latest information regarding remote botnet control sites,
malware-related DNS lookups, and Russian Business Network (RBN) address space,
which are used to control infected computers. "Modern malware defenses need to
be adaptive and aware of the latest strategies used by Internet malware, and
BotHunter is ready to meet this challenge."
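To make the "inside-out" idea concrete (correlating several kinds of egress dialog from one internal host, as the two passages above describe, instead of alerting on any single inbound event), here is an added illustration. It is not BotHunter's code or ruleset; the internal range, the C&C address, the DNS name, the fan-out threshold and the flow records are all constructed for the example.

```python
"""Toy dialog correlation in the spirit of BotHunter (added example, not its code).

Each internal host is scored on constructed flow records and is flagged only
when at least two independent kinds of evidence line up.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")      # assumed internal address range
CC_SITES = {"203.0.113.7"}               # constructed remote-control site list
BAD_DNS = {"update-pool.example"}        # constructed malware-related DNS name
FANOUT_THRESHOLD = 8                     # distinct SMB targets before a scan is suspected

# Constructed records: (src, dst, dport, kind, detail). Host 10.0.0.5 shows
# three kinds of egress evidence; host 10.0.0.9 shows only one.
FLOWS = (
    [("10.0.0.5", "203.0.113.7", 6667, "tcp", ""),
     ("10.0.0.5", "198.51.100.1", 53, "dns", "update-pool.example"),
     ("10.0.0.9", "203.0.113.7", 80, "tcp", "")]
    + [("10.0.0.5", f"10.0.1.{i}", 445, "tcp", "") for i in range(1, 11)]
)


def correlate(flows, threshold=FANOUT_THRESHOLD):
    """Return {host: sorted evidence tags} for internal hosts with >= 2 tags."""
    evidence = defaultdict(set)
    scan_targets = defaultdict(set)
    for src, dst, dport, kind, detail in flows:
        if ip_address(src) not in INTERNAL:
            continue  # only dialogs initiated by internal hosts are scored
        if dst in CC_SITES:
            evidence[src].add("cc_contact")
        if kind == "dns" and detail in BAD_DNS:
            evidence[src].add("malware_dns")
        if ip_address(dst) in INTERNAL and dport in (135, 139, 445):
            scan_targets[src].add(dst)  # lateral fan-out on Windows service ports
    for src, targets in scan_targets.items():
        if len(targets) >= threshold:
            evidence[src].add("internal_scan")
    # Single pieces of evidence are noisy; require corroboration across kinds.
    return {h: sorted(t) for h, t in evidence.items() if len(t) >= 2}


if __name__ == "__main__":
    for host, tags in correlate(FLOWS).items():
        print(host, tags)
```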

BotHunter is available for download at
BotHunter was funded through the Cyber-Threat Analytics (
research grant from the U.S. Army Research Office.



ISC Handler