US Army Research Office’s BotHunter ( Malware detector)

Antispyware ^ | Wednesday, November 26th, 2008 at 12:53 pm | staff

[Ernest_at_the_Beach]

When malware spammers get out of control, what’s the best thing to do?

Call in the US Army, perhaps?

A free malware-detector called BotHunter, sponsored by the US Army Research Office, “works so well that it has even found infected Mac computers, much to the embarrassment of the Mac owners who, of course, swear that their computers cannot be infected with bots,” SC Magazine quotes Marcus Sachs, director at SANS Internet Storm Center, as saying.

And there have been 35,000 downloads so far, the story has Phillip Porras, program director of enterprise and infrastructure security at SRI International, a research and technology organization, and lead developer of the BotHunter project, saying.

“It works so well that it has even found infected Mac computers, much to the embarrassment of the Mac owners who, of course, swear that their computers cannot be infected with bots,” Marcus Sachs, director at SANS Internet Storm Center, told SCMagazineUS.com Tuesday in an email.

BotHunter was funded through a Cyber-Threat Analytics research grant from the US Army Research Office, says SC Magazine, adding:

“It reportedly helps Windows, Mac and Linux users detect malware-infected hosts on their networks by tracking interactions that typically occur when a PC is infected with malware, Porras said. The tool will generate an infection profile with all the forensic evidence that was gathered.

“The infection profile report will then allow users to determine which machines on the network are acting like they are infected. The tool anonymizes infection profiles and passes them back to SRI, where they go into a repository that is used to help generate new threat intelligence.”

[Ernest_at_the_Beach]

I just stumbled into this from a note on Today's DistroWatch Weekly....know nothing about other that what I read...will add some links...as I find them...

DistroWatch Weekly

Scroll to comments and #17.

**********************************EXCERPT*************************

17 • BotHunter (by Michael Dotson on 2008-12-08 13:54:14 GMT from United States)
This is a side issue to todays Distrowatch. I recently came across a story in the NY Times on-line web-page about a program callled BotHunter that works across all platforms, including linux. The obvious purpose is to hunt down malware. A live CD version based on Ubuntu is available as well as a tar.gz package. Perhaps I am just behind the curve, but I have never heard of this program until today and was wondering if anyone has had experience with it, and if so how well it works? The address is www.bothunter.net, and for the live cd as follows

: # * Live CD Distribution v1.0.2 (Official Release) - 17 November 2008
# BotHunter-LiveCD.v1.0.2.torrent [bittorrent only - 665.3MBs]
# (torrent file MD5 = 8617b7ca4c996a4b43cf42589c06beff)
# (ISO Image MD5 = 137c96d67d0f8605042a8cb92a3bf8dc)
# Live-CD: this is a self-booting ISO image of BotHunter operating on Ubuntu
Linux

[Ernest_at_the_Beach]

Website:

www.bothunter.net...news

[Ernest_at_the_Beach]

Link to FR Thread on NY Times article:

Thieves Winning Online War, Maybe in Your PC

[CE2949BB]

ooh! SRI! Sounds... interesting.

[Ernest_at_the_Beach]

ping!

[Red_Devil 232]

Free BotHunter - Download Link

[Ernest_at_the_Beach]

Link:

BotHunter® Internet ReleasE
Software Distribution Page

[MathDoc]

mark for later use - thanks!

[Ernest_at_the_Beach]

BotHunter is a passive network monitoring tool designed to recognize the communication patterns of malware-infected computers within your network perimeter.  Using an advanced infection-dialog-based event correlation engine (patent pending), BotHunter represents the most in-depth network-based malware infection diagnosis system available today.

NEW: There has been a lot of great press on BotHunter recently:  See Latest Press.

Download Now

Your system should have a modern Intel Pentium-class or Motorola PowerPC processor, at least 1 GB RAM, and at least 1 Ethernet NIC/WIC (for network monitoring).

---

• * Unix Distribution v1.0.2 (Official Release) -  14 November 2008
• BotHunter-Unix-Distribution-v1.0.2.tar.gz
  
• (MD5 = c1d27644290f50ff7655632eb732e9b0)
  
• Linux: tested on Fedora, Red Hat Enterprise Linux, Debian, and SuSE distributions
• FreeBSD: tested on Product Release 7.0
• Mac OS X: tested on Tiger and Leopard, Mac OS 10.4 and 10.5
• 
  
• * Windows XP Distribution v1.0.2 (Official Release) -  14 November 2008
• BotHunter-Win32-v1.0.2.exe,   (MD5 = 30aa9d81bab1709be2b61e428461666b)
• INSTALLATION ADVICE FOR WINDOWS USERS:  Click Here
  
• Download from Mirror Sites:    [SRI],  [EmergingThreats], [DShield]
  
• Windows XP:  this self-installing Win32 executable  will install all necessary supporting packages
• 
  
• * Live CD Distribution v1.0.2 (Official Release) -  17 November 2008
• BotHunter-LiveCD.v1.0.2.torrent   [bittorrent only - 665.3MBs]
• (torrent file MD5 = 8617b7ca4c996a4b43cf42589c06beff)
• (ISO Image  MD5 = 137c96d67d0f8605042a8cb92a3bf8dc)
• Live-CD: this is a self-booting ISO image of BotHunter operating on Ubuntu Linux

[IYAS9YAS]

Not sure about bot networks. But something strange is happening on an old e-mail account of mine. The e-mail in the in-box shows my old e-mail address as the source of the e-mail. In other words, I log in to my old xyz123@provider.com account, and there are e-mails in there from xyz123@provider.com that I know I didn’t send. Is there a way to determine whether or not that account has been hi-jacked?

[Ernest_at_the_Beach]

Thanks....

[Bloody Sam Roberts]

Thanks Ern. I’ve already downloaded and will check it out tonight for home use. Looks cool.

[momincombatboots]

Ok, I admit I have vista. It says it works for XP, anyone try it out on this horrid vista? Will be buying a mac, never another microsoft system again.

[JrsyJack]

Hey, isn’t that how the machines took over the world in The Terminator? What hell hath the spammers unleashed on us now!

[Lancey Howard]

Thanks for posting.
Bookmarked.

[JrsyJack]

I tried it on Vista, it reformatted my harddrive and told me to get XP back. Pretty smart software.

[Ernest_at_the_Beach]

Give us all some feedback...particularly if you are a Windows User....

[momincombatboots]

LOL.. I am scared to do it, but I want to. Vista is horrid!

[Ernest_at_the_Beach]

ROFL....

Should have said get Linux!

No reason to buy new Hardware!