SOURCE: SRI International

November 24, 2008 08:00 ET

SRI Research Team Unveils Free Malware Detection Tool for Windows, MacOS, and Linux Platforms

MENLO PARK, CA--(Marketwire - November 24, 2008) - Researchers from SRI International have released a free application to help Windows, Mac, and Linux users detect malware-infected hosts on their networks. The BotHunter® network-based malware detection software is a significant addition to the arsenal of tools available to help users combat the prolific rise of Internet malware. Using an advanced patent-pending infection-dialog-based event correlation engine, BotHunter introduces one of the most in-depth network-based malware infection diagnosis systems available today.

In the first half of 2008, Microsoft reportedly observed a 43 percent rise in the prevalence of malware-infected computers. Researchers are also observing a rise in what they refer to as Malware 2.0: malware that is increasingly virulent and stealthy. Regardless of how Internet malware enters your network -- through innocent web surfing, email attachments, direct exploit, or by attaching your laptop to the wrong wireless network -- once a machine within your perimeter is compromised your whole network is under threat. BotHunter can help you quickly recognize and isolate these infected machines.

BotHunter is a network monitoring system designed to correlate the two-way communication flows between vulnerable computers and external hackers. It tracks the underlying key interactions that most commonly occur when a PC is infected by a malicious software application, such as adware, spyware, viruses, worms, and botnets. BotHunter then ties together the dialog trail of inbound intrusion alarms with outbound communication patterns that are highly indicative of a successful local computer infection. When a sequence of evidence is found to match BotHunter's infection dialog model, a consolidated report is produced to capture all relevant events and event sources that played a role during the infection process.
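
A simplified sketch of the correlation idea described above, added here as an illustration; it is not BotHunter's code or its actual infection dialog model. The event classes, the 300-second window, the match rule (an inbound alarm followed by outbound evidence from the same internal host) and the sample events are assumptions constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumed for this sketch, not taken from BotHunter: class names, window, match rule.
INBOUND = {"inbound_scan", "inbound_exploit"}
OUTBOUND = {"binary_download", "c2_traffic", "outbound_scan"}
WINDOW_S = 300

@dataclass(frozen=True)
class Event:
    ts: int      # seconds since start of capture
    host: str    # internal host the event is attributed to
    peer: str    # external address involved
    kind: str    # one of the INBOUND / OUTBOUND classes
    sensor: str  # event source that raised it

def correlate(events, window=WINDOW_S):
    """One consolidated report per internal host whose trail shows an
    inbound alarm followed, within `window` seconds, by outbound evidence."""
    by_host = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):  # input may arrive unordered
        by_host[ev.host].append(ev)
    reports = []
    for host, evs in by_host.items():
        for i, first in enumerate(evs):
            if first.kind not in INBOUND:
                continue  # a dialog must open with an inbound alarm
            trail = [e for e in evs[i:] if e.ts - first.ts <= window]
            if any(e.kind in OUTBOUND for e in trail):
                reports.append({
                    "host": host,
                    "start": first.ts,
                    "events": [(e.ts, e.kind, e.peer) for e in trail],
                    "sources": sorted({e.sensor for e in trail}),
                })
                break  # one report per host
    return reports

# Constructed sample events (documentation address ranges, not real traffic).
SAMPLE = [
    Event(160, "10.0.0.5", "203.0.113.9", "binary_download", "ids"),
    Event(100, "10.0.0.5", "203.0.113.9", "inbound_exploit", "ids"),
    Event(220, "10.0.0.5", "198.51.100.7", "c2_traffic", "dns"),
    Event(90, "10.0.0.8", "203.0.113.9", "inbound_scan", "ids"),    # probed only
    Event(100, "10.0.0.9", "203.0.113.9", "inbound_scan", "ids"),
    Event(1000, "10.0.0.9", "198.51.100.7", "c2_traffic", "dns"),   # outside window
]

if __name__ == "__main__":
    for report in correlate(SAMPLE):
        print(report)
```

Only the host with both halves of the dialog inside the window is reported; the host that was merely scanned and the host whose outbound traffic came too late are not.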

"BotHunter flips the paradigm of classic network-based intrusion detection," says Phillip Porras, SRI program director of Enterprise and Infrastructure Security, and lead developer of the BotHunter project. "Rather than monitoring who is trying to break into your network, BotHunter detects those machines inside your network that are trying to propagate infections or are being remotely controlled by external hackers."

BotHunter also includes an auto-update service that allows fielded systems to receive the latest threat intelligence regarding new sources for ad and spyware management, botnet control sites, backdoor and control ports, and malware-related domain name lookups. The update service also publishes new dialog analysis rules to help BotHunter recognize emerging exploits and malware communication patterns. Modern malware defenses need to be adaptive and aware of the latest strategies used by Internet malware, and BotHunter is ready to meet this challenge.

BotHunter was funded through the Cyber-Threat Analytics research grant from the U.S. Army Research Office, and is available for download. BotHunter is free to all end-users. SRI welcomes inquiries from entities who wish to redistribute BotHunter or to incorporate the software into their products.

About SRI International

Silicon Valley-based SRI International is one of the world's leading independent research and technology development organizations. SRI, which was founded by Stanford University as Stanford Research Institute in 1946 and became independent in 1970, has been meeting the strategic needs of clients and partners for more than 60 years. Perhaps best known for its invention of the computer mouse and interactive computing, SRI has also been responsible for major advances in networking and communications, robotics, drug discovery and development, advanced materials, atmospheric research, education research, economic development, national security, and more. The nonprofit institute performs sponsored research and development for government agencies, businesses, and foundations. SRI also licenses its technologies, forms strategic alliances, and creates spin-off companies. In 2007, SRI's consolidated revenues, including its wholly owned for-profit subsidiary, Sarnoff Corporation, were approximately $450 million.

BotHunter® is a registered trademark of SRI International.

Contact Information

  • Media Contact:
    Lindsay Sheppard
    SRI International
    (650) 859-2491