US Army Research Office’s BotHunter (Malware detector)
Posted on 12/08/2008 9:47:54 AM PST by Ernest_at_the_Beach
When malware spammers get out of control, what’s the best thing to do?
Call in the US Army, perhaps?
A free malware-detector called BotHunter, sponsored by the US Army Research Office, works so well that it has even found infected Mac computers, much to the embarrassment of the Mac owners who, of course, swear that their computers cannot be infected with bots, SC Magazine quotes Marcus Sachs, director at SANS Internet Storm Center, as saying.
And there have been 35,000 downloads so far, the story has Phillip Porras, program director of enterprise and infrastructure security at SRI International, a research and technology organization, and lead developer of the BotHunter project, saying.
It works so well that it has even found infected Mac computers, much to the embarrassment of the Mac owners who, of course, swear that their computers cannot be infected with bots, Marcus Sachs, director at SANS Internet Storm Center, told SCMagazineUS.com Tuesday in an email.
BotHunter was funded through a Cyber-Threat Analytics research grant from the US Army Research Office, says SC Magazine, adding:
It reportedly helps Windows, Mac and Linux users detect malware-infected hosts on their networks by tracking interactions that typically occur when a PC is infected with malware, Porras said. The tool will generate an infection profile with all the forensic evidence that was gathered.
The infection profile report will then allow users to determine which machines on the network are acting like they are infected. The tool anonymizes infection profiles and passes them back to SRI, where they go into a repository that is used to help generate new threat intelligence.
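The infection-profile idea the article describes, as an added illustration that is not BotHunter’s own code: a small correlator that only flags a host when several distinct infection-dialog stages occur within a time window, then records the supporting evidence under an anonymized host identifier before it would be shared. The stage names, the window, the sample events and the keyed-hash anonymization are all assumptions made for the example.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed sample sensor events: (timestamp_s, internal_host, stage, detail).
# Stages loosely follow the infection dialog the article describes: an inbound
# exploit attempt, the victim fetching a binary, then contacting a controller.
SAMPLE_EVENTS = [
    (100, "10.0.0.5", "inbound_exploit", "sig: SMB overflow attempt from 203.0.113.9"),
    (160, "10.0.0.5", "binary_download", "GET /update.exe from 198.51.100.4"),
    (220, "10.0.0.5", "cc_contact", "IRC JOIN to 198.51.100.77:6667"),
    (300, "10.0.0.8", "inbound_exploit", "sig: SMB overflow attempt from 203.0.113.9"),
    (9000, "10.0.0.8", "cc_contact", "IRC JOIN to 198.51.100.77:6667"),
]

# Assumption: two distinct dialog stages within this window count as infected;
# a lone alert (host 10.0.0.8 above) is not enough to raise a profile.
WINDOW_S = 600
MIN_STAGES = 2

# Assumption: a site-local secret, so profiles stay linkable per site
# without revealing the real internal address to the repository.
ANON_KEY = b"site-local-secret-not-shared"


def anonymize_host(host, key=ANON_KEY):
    """Keyed hash of an internal address: stable per site, not reversible."""
    return hmac.new(key, host.encode(), hashlib.sha256).hexdigest()[:16]


def build_infection_profiles(events, window_s=WINDOW_S, min_stages=MIN_STAGES):
    """Group events per host and emit a profile only when enough distinct
    infection stages occur within the correlation window."""
    by_host = defaultdict(list)
    for ts, host, stage, detail in sorted(events):
        by_host[host].append((ts, stage, detail))
    profiles = []
    for host, evs in by_host.items():
        for i, (ts0, _, _) in enumerate(evs):
            in_window = [e for e in evs[i:] if e[0] - ts0 <= window_s]
            stages = {e[1] for e in in_window}
            if len(stages) >= min_stages:
                profiles.append({
                    "host": anonymize_host(host),
                    "stages": sorted(stages),
                    "evidence": [f"{ts}: {d}" for ts, _, d in in_window],
                })
                break  # one profile per host
    return profiles
```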
...I’m no help....someone may be along shortly to give suggestions...
I hadn’t heard of this either. I’ll check it out.
Give us some feedback when you can!
Will do. I’ll be traveling for business over the next few weeks but I’ll post what/when I can.
Saw your posts on the Malware keyword list....looking for people that may have or might try this and give the community some feedback ...
Will do. I'll get it running on a machine that's plugged into a span port on one of our more centralized switches. I'll also give it a try in our DMZ.
Just for grins, google Antispyware.com and then give yourself a swift kick...
“I have this antispyware.com comes up about every five minutes how ...” - 7 posts - 6 authors - Last post: May 31, 2006
I have this antispyware.com comes up about every five minutes how do I get rid of it?
answers.yahoo.com/question/index?qid=20060617223627AAFZCqp
Malware Advisor: Beware SpywareBot & antispyware.com!! Beware SpywareBot & antispyware.com!! Thanks to some info from the Sunbelt blog, this website, which was recently sold for $500000 has an app associated ...
temerc.blogspot.com/2006/12/beware-spywarebot-antispywarecom.html
Before You Buy That Anti-Spyware Program - Security Fix First of all, some of the best anti-spyware tools out there today are free. We review at least four of them in the video tutorials on computer security that ...
Oh really....just damn!
Did find this:
If it helps any, BotHunter is apparently real, but the reference I looked at said it is Linux only.
Well,...I first saw the note at Distrowatchweekly and then went googling and found the article at Antispyware...I think the links to BotHunter are legit....
I am using McAfee AV these days, on my father-in-law's recommendation. He's an engineer and programmer, and although I don't much like him, I respect h### out of his recommendations, and McAfee warns you of troublesome websites. Like this one.
As they say, “Life is a beach, and then you get sand in your shorts...”
I think I saw a reference to a Windows version....
Re: bots on Macs
I am very skeptical about the claims of finding ‘bots on Macs. If this were true we would have heard of it before. Developing a major app like this with so many cross-platform and cross-processor (both Intel AND PowerPC?) for simultaneous release is not an easy task. I cannot believe that these Mac spambots have somehow been overlooked by Secunia, Symantec, et al. It sounds like FUD to me.
I’m on my iPhone right now but I’ll ping the Mac list when I get home later today.
Ernest_at_the_Beach - What about Vista? Can I download the XP software?