MaMa / Casper / plaNETWORK / sun4u Bot Search scanners under monitoring
Previously I wrote a blog post about the ByroeNet/Casper-Like bot scanners, and adapted some ET rules in order to detect these bots activities.
The 1010041 rule focus on all “MaMa” scanners (MaMa CaSpEr, MaMa CyBer, MaMa ebes, etc.), the 1010040 rule focus on all “Bot Search” scanners (b3b4s, Casper, dex, Jcomers, kmccrew, plaNETWORK, sasqia, sledink, etc.) and the ET 2011244 rule focus on all “sun4u” scanners (Mozilla/4.76 [ru] (X11; U; SunOS 5.7 sun4u), etc.).
Until first August the rules where under testing, so the previous values are incorrect.
Here under you can find real time graphs for the 3 different rules.