Fighting Botnets with BotHunter
Aiming to take the fight to the bot herders, a company, SRI International, has released a free tool called BotHunter. It works by monitoring the communication between compromised hosts on a corporate network and the bot herders' computers, also known as command & control centres.
BotHunter relies on what sounds more like heuristics (detection based on behavioural patterns) than on signatures (detection based on known attacks). This is how it works:
BotHunter is a network monitoring system designed to correlate the two-way communication flows between vulnerable computers and external hackers. It tracks the underlying key interactions that most commonly occur when a PC is infected by malicious software, such as adware, spyware, viruses, worms, and botnets. BotHunter then ties together the dialog trail of inbound intrusion alarms with outbound communication patterns that are highly indicative of a successful local computer infection. When a sequence of evidence is found to match BotHunter's infection dialog model, a consolidated report is produced to capture all relevant events and event sources that played a role during the infection process.
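To make the dialog-correlation idea concrete, here is a toy correlator written for this post; it is an added illustration, not BotHunter's code or its actual infection model. It assumes a hypothetical sensor that has already labelled each alert with a dialog phase (the phase names, the time window and the matching rule are all assumptions), groups alerts per internal host, and emits a consolidated report only when the inbound-then-outbound evidence chain the description talks about is present. The sample events are constructed and use documentation address ranges.

```python
"""Toy dialog-correlation engine illustrating the BotHunter description.

Added example: the phases, weights-free matching rule and sample events are
assumptions for illustration, not BotHunter's real model or output.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Dialog phases a hypothetical sensor might assign (assumed names).
EXPLOIT_PHASE = "inbound_exploit"                       # inbound intrusion alarm
INBOUND_PHASES = {"inbound_scan", EXPLOIT_PHASE}         # kept as context
OUTBOUND_PHASES = {"egg_download", "cc_beacon", "outbound_scan"}


@dataclass(frozen=True)
class Event:
    ts: int        # seconds since capture start
    host: str      # internal host the sensor attributed the event to
    phase: str     # dialog phase assigned by the (hypothetical) sensor
    detail: str    # sensor description, carried into the consolidated report


# Constructed sample sensor output (not real traffic).
SAMPLE_EVENTS = [
    Event(50,    "10.0.0.9",  "inbound_scan",    "203.0.113.7 probed tcp/445"),
    Event(100,   "10.0.0.5",  "inbound_exploit", "SMB exploit signature from 203.0.113.7"),
    Event(100,   "10.0.0.20", "inbound_exploit", "SMB exploit signature from 203.0.113.7"),
    Event(130,   "10.0.0.5",  "egg_download",    "binary fetched from 198.51.100.4:8080"),
    Event(400,   "10.0.0.5",  "cc_beacon",       "periodic IRC JOIN to 198.51.100.9:6667"),
    Event(900,   "10.0.0.12", "cc_beacon",       "periodic HTTP POST to 198.51.100.9"),
    Event(950,   "10.0.0.12", "outbound_scan",   "swept 10.0.0.0/24 on tcp/445"),
    Event(10000, "10.0.0.20", "egg_download",    "binary fetched from 198.51.100.4:8080"),
]


def matches_dialog(events: List[Event], window: int) -> bool:
    """Decide whether one host's time-ordered events fit the infection dialog.

    Rule used here (an assumption mirroring the post's description): an
    inbound exploit alarm followed within `window` seconds by at least one
    outbound infection indicator, or two distinct outbound indicators within
    `window` of each other when the inbound exploit itself was never seen.
    A lone inbound scan is treated as noise and never triggers a report.
    """
    exploits = [e for e in events if e.phase == EXPLOIT_PHASE]
    outbound = [e for e in events if e.phase in OUTBOUND_PHASES]
    for x in exploits:
        if any(x.ts <= o.ts <= x.ts + window for o in outbound):
            return True
    for a in outbound:
        for b in outbound:
            if a.phase != b.phase and 0 <= b.ts - a.ts <= window:
                return True
    return False


def correlate(events: Iterable[Event], window: int = 3600) -> Dict[str, dict]:
    """Group events per internal host and build one consolidated report per
    host whose evidence chain matches the dialog model."""
    by_host: Dict[str, List[Event]] = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        by_host[e.host].append(e)
    reports: Dict[str, dict] = {}
    for host, evs in by_host.items():
        if matches_dialog(evs, window):
            reports[host] = {
                "host": host,
                "first_seen": evs[0].ts,
                "last_seen": evs[-1].ts,
                "phases": [e.phase for e in evs],
                "evidence": [f"t={e.ts} {e.phase}: {e.detail}" for e in evs],
            }
    return reports


if __name__ == "__main__":
    for report in correlate(SAMPLE_EVENTS).values():
        print(f"== infection dialog matched for {report['host']} "
              f"({report['first_seen']}s - {report['last_seen']}s)")
        for line in report["evidence"]:
            print("   ", line)
```

Run as-is, it reports 10.0.0.5 (exploit followed by egg download and C&C beacon) and 10.0.0.12 (two distinct outbound indicators with no inbound alarm seen), while 10.0.0.9 (scan only) and 10.0.0.20 (outbound activity too long after the exploit alarm) stay quiet. That separation of single alarms from correlated dialog sequences is the point of the approach described above.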
BotHunter runs on FreeBSD, Linux, Windows and Mac OSX and can be downloaded here. I have also included it in my security toolchest found here.