BotHunter is a passive network monitoring tool designed to recognize the communication patterns of malware-infected computers within your network perimeter. Using an advanced infection-dialog-based event correlation engine (patent pending), BotHunter represents the most in-depth network-based malware infection diagnosis system available today.
What's new in BotHunter
Enhanced IP blacklist performance via a new custom Snort plugin
Added Ethernet address reporting in the infection profile
Upgraded the BotHunter knowledge base (including Conficker variant detection)
Resolved problems in the Windows threat update service
User interface now performs name lookups on mouse-over of IP addresses
Added ability to change home-net, DNS, and SMTP address lists after root installation.
Added behind-firewall option to installer (see BotHunter Behind or In Front of Firewall).
Added infection log roll-over options (see User Guide: Special Features).
Added optional Email delivery of infection reports (see User Guide: Special Features).
Added optional ArcSight CEF Alert output (see User Guide: Special Features).
BotHunter may now be permanently installed from the BotHunter Ubuntu LiveCD.
Added desktop icons to start BotHunter GUI for Linux and Mac OS X
Added test for, and installation of, patch when required.
Performs name-to-address lookups where IP addresses were previously required.
Attempts, within the confines of Java, to display which network adapters are available.
Allows for multiple input file arguments in batch mode.