There are so many posts on this forum about trojan/spambot detection etc etc...
Can we maybe make one post with every single detection regexp/algorithm etc so then it's easier than to search the forum for however long to find some decent piece of code to detect trojans/pjens/spambots or whatever people call them...
I have seen there are only a few threads related to trojans/drones/spambots and infected clients on the forum. Since they vary from network to network and from channel to channel as well, as I've seen, that makes it difficult to specify a single thread which can be used in general for every type.
Furthermore, the threads I have searched and gone through are already outdated, since new trojans come out like daily and old ones for which detection solutions have been found or exist aren't likely to cause a threat, since they aren't present anymore. The only threads focussed basically on this forum are regarding random nick/ident/realname drones.
Some algorithms (such as in allprotection.tcl for drones), the nick scorers in xchannel.tcl and spambuster.tcl, and the one I use (not available publicly) are all ways which I am aware of to detect random patterns.
If anyone is into this area for research on trojans, help would be appreciated by posting ideas and comments if they have encountered specific types of trojans on their IRC network and channels and figured out a way to detect them, or we could help to detect them by looking at the criteria for detecting them.
·awyeah·
==================================
Facebook: jawad@idsia.ch (Jay Dee) PS: Guys, I don't accept script helps or requests personally anymore.
==================================
Tosser^^ wrote: There are so many posts on this forum about trojan/spambot detection etc etc...
Can we maybe make one post with every single detection regexp/algorithm etc so then it's easier than to search the forum for however long to find some decent piece of code to detect trojans/pjens/spambots or whatever people call them...
Isn't that almost like saying "Why don't we put ALL threads into a single topic in a single forum since they all deal with eggdrops?" (Yes, that's an exaggeration.)
There are too many different kinds of spambots/floodbots/trojans/proxies out there to effectively lump them all into a single thread, and that's not even taking into consideration that different networks can have different services and/or methods to handle things of this type.
If we have just a few good/working algorithms in one thread, it will be easy to share detection methods. If we all help each other to help ourselves, we can get a better understanding of trojans and/or have a better working, more accurate trojan detection algorithm/system.