Our Botnet Analysis & Reporting Service (BARS) provides XML files detailing all aspects of tracked botnets
Our Botnet Analysis & Reporting Service (BARS) provides in-depth analysis, tracking, and history of malware families that utilize unique control protocols and possibly encryption mechanisms.
We provide the following unique elements as part of our BARS package:
Our data set contains information related to bots including:
Contains information related to hosts infected with malware (bots), including the IP, BGP and GeoIP information related to each Bot. Each infected host is also categorized with the type of malware it is infected with, including additional elements.
For example, an entry for a Waledac bot will include a Waledac element, listing the HTTP proxy used by the bot and possible SHA1 signatures for the malware the host is infected with.
Contains information related to command and control servers (botnets), including the family, the infected hosts connecting to that botnet, and details regarding the hosts used to control the botnet (if any). The schema also includes the type of botnet, the infected hosts that belong to that botnet, and details about the host(s) being used to control the botnet.
We list three different types of botnets: IRC (Internet Relay Chat), HTTP, and P2P (Peer to Peer), each with additional elements. For example, the XML entry for an IRC based botnet may include the IPs, ports, channels and passwords of multiple servers being used to control the botnet.
Contains information related to distributed denial of service (DDoS) attacks. Each DDoS element represents a separate attack recorded by our monitoring systems. The target of each attack is provided, along with attack details such as the location of the victim, the time of the attack, the duration, and (when available) details on the nature and strength of the attack.