US Army Research Office’s BotHunter ( Malware detector)
Antispyware | Wednesday, November 26th, 2008 at 12:53 pm | staff
Posted on 12/08/2008 9:47:54 AM PST by Ernest_at_the_Beach
When malware spammers get out of control, what's the best thing to do?
Call in the US Army, perhaps?
A free malware-detector called BotHunter, sponsored by the US Army Research Office, works so well that it has even found infected Mac computers, much to the embarrassment of the Mac owners who, of course, swear that their computers cannot be infected with bots, SC Magazine quotes Marcus Sachs, director at SANS Internet Storm Center, as saying.
The story also has Phillip Porras, program director of enterprise and infrastructure security at SRI International, a research and technology organization, and lead developer of the BotHunter project, saying that there have been 35,000 downloads so far.
It works so well that it has even found infected Mac computers, much to the embarrassment of the Mac owners who, of course, swear that their computers cannot be infected with bots, Marcus Sachs, director at SANS Internet Storm Center, told SCMagazineUS.com Tuesday in an email.
BotHunter was funded through a Cyber-Threat Analytics research grant from the US Army Research Office, says SC Magazine, adding:
It reportedly helps Windows, Mac and Linux users detect malware-infected hosts on their networks by tracking interactions that typically occur when a PC is infected with malware, Porras said. The tool will generate an infection profile with all the forensic evidence that was gathered.
The infection profile report will then allow users to determine which machines on the network are acting like they are infected. The tool anonymizes infection profiles and passes them back to SRI, where they go into a repository that is used to help generate new threat intelligence.
TOPICS: Computers/Internet
KEYWORDS: bothunter; botnet; malware
To: ShadowAce
I just stumbled into this from a note on Today's DistroWatch Weekly....know nothing about it other than what I read...will add some links...as I find them...
DistroWatch Weekly
Scroll to comments and #17.
**********************************EXCERPT*************************
17 BotHunter (by Michael Dotson on 2008-12-08 13:54:14 GMT from United States)
This is a side issue to today's DistroWatch. I recently came across a story in the NY Times on-line web-page about a program called BotHunter that works across all platforms, including Linux. The obvious purpose is to hunt down malware. A live CD version based on Ubuntu is available as well as a tar.gz package. Perhaps I am just behind the curve, but I have never heard of this program until today and was wondering if anyone has had experience with it, and if so how well it works? The address is www.bothunter.net, and for the live CD as follows:
- Live CD Distribution v1.0.2 (Official Release) - 17 November 2008
  - BotHunter-LiveCD.v1.0.2.torrent [bittorrent only - 665.3MBs]
  - (torrent file MD5 = 8617b7ca4c996a4b43cf42589c06beff)
  - (ISO Image MD5 = 137c96d67d0f8605042a8cb92a3bf8dc)
  - Live-CD: this is a self-booting ISO image of BotHunter operating on Ubuntu Linux
To: All
To: All; Swordmaker
To: Ernest_at_the_Beach
ooh!
SRI! Sounds... interesting.
5 posted on 12/08/2008 9:58:57 AM PST by CE2949BB (Fight.)
To: rdb3; KoRn; Bloody Sam Roberts
To: Ernest_at_the_Beach
7 posted on 12/08/2008 10:07:52 AM PST by Red_Devil 232 (VietVet - USMC All Ready On The Right? All Ready On The Left? All Ready On The Firing Line!)
To: All
To: Ernest_at_the_Beach
mark for later use - thanks!
9 posted on 12/08/2008 10:11:04 AM PST by MathDoc (War is Peace. Freedom is Slavery. Ignorance is Strength. Obama is Good.)
BotHunter is a passive network monitoring tool designed to recognize the communication patterns of malware-infected computers within your network perimeter. Using an advanced infection-dialog-based event correlation engine (patent pending), BotHunter represents the most in-depth network-based malware infection diagnosis system available today.
NEW: There has been a lot of great press on BotHunter recently: See Latest Press.
Your system should have a modern Intel Pentium-class or Motorola PowerPC processor, at least 1 GB RAM, and at least 1 Ethernet NIC/WIC (for network monitoring).
- Unix Distribution v1.0.2 (Official Release) - 14 November 2008
  - BotHunter-Unix-Distribution-v1.0.2.tar.gz
  - (MD5 = c1d27644290f50ff7655632eb732e9b0)
  - Linux: tested on Fedora, Red Hat Enterprise Linux, Debian, and SuSE distributions
  - FreeBSD: tested on Product Release 7.0
  - Mac OS X: tested on Tiger and Leopard, Mac OS 10.4 and 10.5

- Windows XP Distribution v1.0.2 (Official Release) - 14 November 2008
  - BotHunter-Win32-v1.0.2.exe, (MD5 = 30aa9d81bab1709be2b61e428461666b)
  - INSTALLATION ADVICE FOR WINDOWS USERS: Click Here
  - Download from Mirror Sites: [SRI], [EmergingThreats], [DShield]
  - Windows XP: this self-installing Win32 executable will install all necessary supporting packages

- Live CD Distribution v1.0.2 (Official Release) - 17 November 2008
  - BotHunter-LiveCD.v1.0.2.torrent [bittorrent only - 665.3MBs]
  - (torrent file MD5 = 8617b7ca4c996a4b43cf42589c06beff)
  - (ISO Image MD5 = 137c96d67d0f8605042a8cb92a3bf8dc)
  - Live-CD: this is a self-booting ISO image of BotHunter operating on Ubuntu Linux
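The "infection-dialog-based event correlation" the product blurb above and the SC Magazine summary describe (track the interactions that typically occur around an infection, build an infection profile from the evidence, anonymize it before sharing) can be illustrated with a toy correlator. This is an added example written for this thread, not BotHunter's own code or engine. Everything in it is an assumption for illustration: the five dialog phases (inbound scan, inbound exploit, egg download, command-and-control traffic, outbound scan), the rule that combines them into a verdict, the monitored 10.0.0.0/24 range, and the sample alerts.

```python
"""Toy infection-dialog correlator (illustrative only; not BotHunter's engine)."""
import hashlib
from collections import defaultdict
from dataclasses import dataclass

# Dialog phases assumed for this example:
#   E1 inbound scan, E2 inbound exploit, E3 egg (binary) download,
#   E4 command-and-control traffic, E5 outbound scan / propagation.
INBOUND_PHASES = {"E1", "E2"}           # implicate the destination host
OUTBOUND_PHASES = {"E3", "E4", "E5"}    # implicate the source host
INTERNAL_PREFIX = "10.0.0."             # constructed: the monitored network


@dataclass
class Alert:
    ts: int        # constructed epoch-style timestamp
    src: str
    dst: str
    phase: str     # one of E1..E5


# Constructed sample alerts (addresses from documentation ranges).
SAMPLE_ALERTS = [
    Alert(100, "203.0.113.7", "10.0.0.5", "E1"),    # scanned
    Alert(105, "203.0.113.7", "10.0.0.5", "E2"),    # exploited
    Alert(130, "10.0.0.5", "198.51.100.9", "E3"),   # fetches a binary
    Alert(200, "10.0.0.5", "192.0.2.44", "E4"),     # talks to C&C
    Alert(260, "10.0.0.5", "10.0.0.77", "E5"),      # scans a neighbour
    Alert(300, "203.0.113.7", "10.0.0.8", "E1"),    # scan only, no follow-on
    Alert(400, "10.0.0.9", "192.0.2.44", "E4"),     # single C&C hit, not enough
]


def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)


def collect_evidence(alerts):
    """Group alerts by the internal host they implicate."""
    evidence = defaultdict(list)
    for a in alerts:
        host = a.dst if a.phase in INBOUND_PHASES else a.src
        if is_internal(host):
            evidence[host].append(a)
    return evidence


def is_infected(alerts) -> bool:
    """Assumed verdict rule: an exploit followed by any outbound phase,
    or two distinct outbound phases, is treated as an infection.
    A lone scan or a single C&C hit is not enough, which keeps
    one-off false positives from an IDS signature out of the report."""
    phases = {a.phase for a in alerts}
    outbound = phases & OUTBOUND_PHASES
    return ("E2" in phases and len(outbound) >= 1) or len(outbound) >= 2


def anonymize(host: str, salt: str) -> str:
    """Keyed hash of the internal address. The salt matters: the IPv4
    space is small, so an unsalted hash could simply be brute-forced
    by whoever receives the profile."""
    return hashlib.sha256((salt + host).encode()).hexdigest()[:16]


def build_profiles(alerts, salt: str = "constructed-salt"):
    """Return an infection profile per host that meets the verdict rule,
    keeping the raw alerts as forensic evidence and an anonymized id
    suitable for sharing with a central repository."""
    profiles = {}
    for host, evs in collect_evidence(alerts).items():
        if is_infected(evs):
            ordered = sorted(evs, key=lambda a: a.ts)
            profiles[host] = {
                "anon_id": anonymize(host, salt),
                "phases": sorted({a.phase for a in evs}),
                "evidence": [(a.ts, a.src, a.dst, a.phase) for a in ordered],
            }
    return profiles


if __name__ == "__main__":
    for host, profile in build_profiles(SAMPLE_ALERTS).items():
        print(f"{host} (anon {profile['anon_id']}): phases {profile['phases']}")
        for ev in profile["evidence"]:
            print("   ", ev)
```

Running it reports only 10.0.0.5, with all five phases and the alerts in time order; 10.0.0.8 (scanned only) and 10.0.0.9 (one C&C alert) stay out of the report. The point of the phase-combination rule over single-signature alerting is that the verdict rests on a sequence of independent observations rather than one match.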
To: Ernest_at_the_Beach
Not sure about bot networks. But something strange is happening on an old e-mail account of mine. The e-mail in the in-box shows my old e-mail address as the source of the e-mail. In other words, I log in to my old xyz123@provider.com account, and there are e-mails in there from xyz123@provider.com that I know I didn't send. Is there a way to determine whether or not that account has been hijacked?
11 posted on 12/08/2008 10:12:27 AM PST by IYAS9YAS (Hey Obama, why lawyer up when you can pony up? Show us your vault copy BC)
To: Red_Devil 232
To: Ernest_at_the_Beach
Thanks Ern. I’ve already downloaded and will check it out tonight for home use. Looks cool.
13 posted on 12/08/2008 10:12:59 AM PST by Bloody Sam Roberts (Inspiration: The momentary cessation of stupidity.)
To: Ernest_at_the_Beach
Ok, I admit I have Vista. It says it works for XP, anyone try it out on this horrid Vista? Will be buying a Mac, never another Microsoft system again.
14 posted on 12/08/2008 10:15:48 AM PST by momincombatboots (Not a journey for the feeble.)
To: Ernest_at_the_Beach
Hey, isn’t that how the machines took over the world in The Terminator? What hell hath the spammers unleashed on us now!
15 posted on 12/08/2008 10:15:51 AM PST by JrsyJack (We Shoot, We Vote, We're angry!)
To: Ernest_at_the_Beach
Thanks for posting.
Bookmarked.
To: momincombatboots
I tried it on Vista, it reformatted my hard drive and told me to get XP back. Pretty smart software.
17 posted on 12/08/2008 10:17:00 AM PST by JrsyJack (We Shoot, We Vote, We're angry!)
To: Bloody Sam Roberts
Give us all some feedback...particularly if you are a Windows User....
To: JrsyJack
LOL.. I am scared to do it, but I want to. Vista is horrid!
19 posted on 12/08/2008 10:18:22 AM PST by momincombatboots (Not a journey for the feeble.)
To: JrsyJack; momincombatboots
ROFL....
Should have said get Linux!
No reason to buy new Hardware!