U.S. Army in the anti-malware biz – for free

You know for all we as individuals complain about viruses, trojans and other such nasties imagine how it must be for government agencies where people don’t care for the most part about what lands on their machines. This has proven to be enough of a problem I guess that the U.S. Army through its Research Office has gotten into fighting malware on its own instead of using off the shelf solutions.

According to Angela Moscaritolo of SCMagazineUS the tool was developed by SRI International and funded through a Cyber Threat Analytics research grant from the USARO and has been getting high marks across all platforms

“It works so well that it has even found infected Mac computers, much to the embarrassment of the Mac owners who, of course, swear that their computers cannot be infected with bots,” Marcus Sachs, director at SANS Internet Storm Center, told SCMagazineUS.com Tuesday in an email.

[…]

It reportedly helps Windows, Mac and Linux users detect malware-infected hosts on their networks by tracking interactions that typically occur when a PC is infected with malware, Porras said. The tool will generate an infection profile with all the forensic evidence that was gathered.

The infection profile report will then allow users to determine which machines on the network are acting like they are infected. The tool anonymizes infection profiles and passes them back to SRI, where they go into a repository that is used to help generate new threat intelligence.

BotHunter will not clean up machines. If infected, Porras recommended removing the machine from the network and running various removal tools – including anti-virus and spyware solutions – to try and clear up infection.

To date there have been 35,000 downloads of BotHunter.

[hat tip to -=David=-]