c-zhong
commented
11 years ago Is there any IRC in the network flow?
I learnt that IRC is the typical cause of botnet
Open movingname opened 11 years ago
c-zhong
commented
11 years ago Is there any IRC in the network flow?
I learnt that IRC is the typical cause of botnet
movingname
commented
11 years ago I didn't find it in the network flow data. So a quick answer is no. I will further investigate it.
Currently, our hypothesis is that one host was infected by a malware first and then it spreads to other hosts. Then a natural question is: how can we find the first victim? To find it, we probably need to define what is the symptom of infection. For example, a high CPU usage rate?
If you are interested in this question, please join this issue. Thanks!