Score: 1.3 (>= 0.8)
Infected Target: 130.107.196.41
Infector List: 218.6.169.239
Egg Source List:
C & C List: 24.192.170.232 (2)
Peer Coord. List:
Resource List: 24.192.170.232
Observed Start: 08/10/2008 05:59:31.374 PDT
Report End: 08/10/2008 05:59:33.872 PDT
Gen. Time: 08/10/2008 05:59:33.872 PDT

INBOUND SCAN
EXPLOIT
  218.6.169.239 (05:59:31.374 PDT)
    event=1:22466 {tcp} E2[rb] NETBIOS SMB-DS IPC$ unicode share access
    445<-3564 (05:59:31.374 PDT)
EXPLOIT (slade)
EGG DOWNLOAD
C and C TRAFFIC
  24.192.170.232 (2) (05:59:33.731 PDT-05:59:33.872 PDT)
    event=1:2002029 (2) {tcp} E4[rb] ET TROJAN BOT - channel topic scan/exploit command
    2: 1040<-13001 (05:59:33.731 PDT-05:59:33.872 PDT)
PEER COORDINATION
OUTBOUND SCAN
ATTACK PREP
  24.192.170.232 (05:59:33.732 PDT)
    event=1:2000352 {tcp} E6[rb] ET ATTACK RESPONSE IRC - dns request on non-std port
    1040->13001 (05:59:33.732 PDT)
DECLARE BOT

tcpslice 1218373171.374 1218373173.873 inputFile.tcpd | tcpdump -r - -w outputFile.tcpd 'host 130.107.196.41'
============================== SEPARATOR ================================