
Trojan detection

Posted: Wed Sep 12, 2007 1:48 pm
by r0t3n
There are so many posts on this forum about trojan/spambot detection etc etc...

Can we maybe make one post with every single detection regexp/algorithm etc so then it's easier than to search the forum for however long to find some decent piece of code to detect trojans/pjens/spambots or whatever people call them...

Posted: Wed Sep 12, 2007 10:24 pm
by awyeah
I have seen there are only a few threads related to trojans/drones/spambots and infected clients on the forum. Since they vary from network to network and from channel to channel as well, as I've seen, it is difficult to specify criteria for a single thread which can be used in general for every type.

Furthermore the threads I have searched and gone through are already outdated, since new trojans come out like daily and old ones for which detection solutions have been found or exist aren't likely to cause a threat, since they aren't present anymore. The only threads focussed basically on this forum are regarding random nick/ident/realname drones.

Some algorithms (such as in allprotection.tcl for drones), nick scorers in xchannel.tcl and spambuster.tcl all, and the one I use (not available publicly) which I am aware of are ways to detect random patterns.

If anyone is into this area for research on trojans, help would be appreciated by posting ideas and comments if they have encountered specific type of trojans on their IRC network and channels and figured a way to detect them or we could help to detect them by looking at the criteria for detecting them.

Re: Trojan detection

Posted: Thu Sep 13, 2007 12:39 am
by DragnLord
Tosser^^ wrote:
There are so many posts on this forum about trojan/spambot detection etc etc...

Can we maybe make one post with every single detection regexp/algorithm etc so then it's easier than to search the forum for however long to find some decent piece of code to detect trojans/pjens/spambots or whatever people call them...

Isn't that almost like saying "Why don't we put ALL threads into a single topic in a single forum since they all deal with eggdrops?" (Yes, that's an exaggeration.)

There are too many different kinds of spambots/floodbots/trojans/proxies out there to effectively lump them all into a single thread, and that's not even taking into consideration that different networks can have different services and/or methods to handle things of this type.

Posted: Thu Sep 13, 2007 3:47 pm
by r0t3n
If we have just a few good/working algorithms in one thread, it will be easy to share detection methods. If we all help each other to help ourselves, we can get a better understanding of trojans and/or have a better working, more accurate trojan detection algorithm/system.

Posted: Thu Sep 13, 2007 5:23 pm
by Alchera
The current system works well enough.

DragnLord made an excellent point.

Posted: Sat Sep 15, 2007 9:39 am
by awyeah
@ Tosser^^: Maybe you should refine your search criteria.

Posted: Wed Sep 19, 2007 4:35 pm
by sKy
Post some problems with such bots. A log and a network+channel where they can be observed.