Score:            0.8 (>= 0.8)
Infected Target:  130.107.226.164
Infector List:    203.70.52.115
Egg Source List:  <unobserved>
C & C List:       68.178.232.100
Peer Coord. List: <unobserved>
Resource List:    <unobserved>
Observed Start:   01/22/2010 05:58:35.143 PST
Gen. Time:        01/22/2010 05:58:39.181 PST

INBOUND SCAN
    <unobserved>

EXPLOIT
    203.70.52.115 (05:58:35.143 PST)
       event=1:299913 {tcp} E2[rb] SHELLCODE x86 0x90 unicode NOOP
          135<-26415 (05:58:35.143 PST)

EXPLOIT (slade)
    <unobserved>

EGG DOWNLOAD
    <unobserved>

C and C TRAFFIC
    68.178.232.100 (05:58:39.181 PST)
       event=1:2406022 {tcp} E4[rb] ET rbN Known Russian Business Network Monitored Domains (18)
          1099<-80 (05:58:39.181 PST)

PEER COORDINATION
    <unobserved>

OUTBOUND SCAN
    <unobserved>

ATTACK PREP
    <unobserved>

DECLARE BOT
    <unobserved>

tcpslice 1264168715.143 1264168715.144 inputFile.tcpd | tcpdump -r - -w outputFile.tcpd 'host 130.107.226.164'

============================== SEPARATOR ================================