A new tool from SRI International will help home users and network administrators detect botnet activity on their home networks. The tool, BotHunter, is free and works on Windows, Mac, and Linux-driven systems.
New tool hunts out bot-like activity on the network. (IMG:J.Anderson)
SRI points out that it doesn’t matter how the malware entered the network, whether through innocent web surfing, email attachments, direct exploit, or attaching your laptop to the wrong wireless access point: once a machine within your perimeter is compromised, your whole network is under threat. BotHunter can help you quickly recognize and isolate these infected machines.
BotHunter works by correlating the two-way communication flows between infected systems and the external control systems used by botnet owners and criminals. It tracks the underlying interactions that most commonly occur when a PC is infected by a malicious software application, such as adware, spyware, viruses, worms, and of course, botnet code.
BotHunter then ties together the dialog trail of inbound and outbound communication patterns. When a sequence of evidence is found to match BotHunter's infection dialog model, a report is produced to capture all relevant events and event sources that played a role during the infection process.
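The correlation idea described above, as an added Python example (not SRI's code and not BotHunter's actual dialog model): sensor events are grouped per internal host, and a host is reported once its trail of inbound and outbound evidence matches a model. The stage names, the matching rule, the 10-minute window and all addresses are assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("192.168.1.0/24")   # assumed monitored perimeter
WINDOW = 600                               # assumed correlation window, seconds
OUTBOUND_STAGES = {"download", "c2", "outbound_scan"}  # assumed stage names

# Constructed sensor events: (epoch seconds, source, destination, stage)
EVENTS = [
    (100, "203.0.113.9", "192.168.1.20", "inbound_exploit"),
    (130, "192.168.1.20", "198.51.100.7", "download"),
    (190, "192.168.1.20", "198.51.100.44", "c2"),
    (200, "203.0.113.9", "192.168.1.31", "inbound_exploit"),  # no follow-up
    (250, "192.168.1.45", "198.51.100.44", "c2"),             # lone event
    (2000, "192.168.1.45", "192.0.2.80", "outbound_scan"),    # outside window
]

def internal_host(src, dst):
    """Return the internal endpoint of a flow, or None if neither is internal."""
    for addr in (src, dst):
        if ip_address(addr) in INTERNAL:
            return addr
    return None

def matches_model(stages):
    """Assumed rule: inbound exploit plus any outbound stage,
    or two distinct outbound stages."""
    outbound = stages & OUTBOUND_STAGES
    return ("inbound_exploit" in stages and bool(outbound)) or len(outbound) >= 2

def correlate(events, window=WINDOW):
    """Group events per internal host; report hosts whose trail matches."""
    trails = defaultdict(list)
    reports = {}
    for ts, src, dst, stage in sorted(events):
        host = internal_host(src, dst)
        if host is None:
            continue
        # Drop evidence older than the window, then add the new event.
        trail = [e for e in trails[host] if ts - e[0] <= window]
        trail.append((ts, src, dst, stage))
        trails[host] = trail
        if matches_model({e[3] for e in trail}):
            reports[host] = list(trail)   # keep the latest matching trail
    return reports

if __name__ == "__main__":
    for host, trail in correlate(EVENTS).items():
        print(host, [(e[0], e[3]) for e in trail])
```

Only 192.168.1.20 is reported with the sample data: a single inbound alert against 192.168.1.31 and two outbound events from 192.168.1.45 that fall outside the window do not form a matching trail.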
“BotHunter flips the paradigm of classic network-based intrusion detection,” says Phillip Porras, SRI program director of Enterprise and Infrastructure Security, and lead developer of the BotHunter project. “Rather than monitoring who is trying to break into your network, BotHunter detects those machines inside your network that are trying to propagate infections or are being remotely controlled...”
To stay on top of things, BotHunter will auto-update, allowing fielded systems to receive the latest threat intelligence regarding new sources for adware and spyware management, botnet control sites, backdoor and control ports, and malware-related domain name lookups.
SRI said that the update service also publishes new dialog analysis rules to help BotHunter recognize emerging exploits and malware communication patterns.
The tool is free and available online here.