Page 1 of 1
Trojan detection
Posted: Wed Sep 12, 2007 1:48 pm
by r0t3n
There are so many posts on this forum about trojan/spambot detection etc etc...
Can we maybe make one post with every single detection regexp/algothim etc so then its easier than to search the forum for however long to find some decent piece of code to detected trojans/pjens/spambots or whatever people call them...
Posted: Wed Sep 12, 2007 10:24 pm
by awyeah
I have seen there are only a few threads related to trojans/drones/spambots and infected clients on the forum. Since they vary from network to network and from channel to channel as well as I've seen it makes a difficult criteria to specify a single thread which can be used in general for every type.
Furthermore the threads I have searched and gone through are already out dated, since new trojans come out like daily and old ones for which detection solutions have been found or exist aren't likely to cause a threat , since they aren't present anymore. The only threads focussed basically on this forum are regarding random nick/ident/realname drones.
Some algorithms (such as in allprotection.tcl for drones), nick scorers in xchannel.tcl and spambuster.tcl all, and the one I use (not available publicly) which I am aware of are ways to detect random patterns.
If anyone is into this area for research on trojans, help would be appreciated by posting ideas and comments if they have encountered specific type of trojans on their IRC network and channels and figured a way to detect them or we could help to detect them by looking at the criteria for detecting them.
Re: Trojan detection
Posted: Thu Sep 13, 2007 12:39 am
by DragnLord
Tosser^^ wrote:There are so many posts on this forum about trojan/spambot detection etc etc...
Can we maybe make one post with every single detection regexp/algothim etc so then its easier than to search the forum for however long to find some decent piece of code to detected trojans/pjens/spambots or whatever people call them...
Isn't almost like saying "Why don't we put ALL threads into a single topic in a single forum since they all deal with eggdrops?" (Yes, that's an exaggeration.)
There are too many different kinds of spambots/floodbots/trojans/proxies out there to effectively lump them all into a single thread, and that's not even taking into consideration that different networks can have different services and/or methods to handle things of this type.
Posted: Thu Sep 13, 2007 3:47 pm
by r0t3n
If we have just a few good/working algothims in one thread, it will be easy to share detection methods. If we all help each other to help ourselfs, we can get a better understanding of trojans and/or have a better working, more accurate trojan detection algothim/system.
Posted: Thu Sep 13, 2007 5:23 pm
by Alchera
The current system works well enough.
DragnLord made an excellent point.
Posted: Sat Sep 15, 2007 9:39 am
by awyeah
@ Tosser^^: Maybe you should refine your search criteria.
Posted: Wed Sep 19, 2007 4:35 pm
by sKy
Post some problems with such bots. A log and a network+channel where them can be observed.