Malware bots and Internet bots are a type of malware that can be programmed to hack into user accounts, search the Internet for contact information, send spam, or develop other malicious activities. To disguise the origin of such attacks, attackers can also distribute malicious bots through a botnet - that is, a bot network. A botnet consists of a number of devices connected to the Internet and running one or more bots without the knowledge of the respective device owner. Because each device has its own IP address, botnet traffic originates from a variety of IP addresses, making it harder to spot and block its point of origin. Botnets also self-propagate to more devices, which can then send out spam and in turn infect more machines.

If an IP, host name oder username pops up in the Kaduu logs, it means it has been infected with a malicious bot.

Malicious bots, also known as malware bots or botnets, can infect a wide range of devices, including personal computers, servers, and mobile devices. However, certain types of devices and users are more likely to be targeted than others. It is much more unlikely that public servers are infected with bots opposite to private computers. Here are the most exposed device types:

• Personal computers: Home users are often targeted by botnets because they may have weaker security protections in place than organizations. Additionally, botnets can spread through infected email attachments, infected software downloads and infected webpages, which are all common for home users.
• Servers: Businesses and organizations that operate servers are also at risk of botnet infections, particularly those that have a significant online presence, such as e-commerce websites or web hosting companies.
• Internet of Things (IoT) devices: The increasing popularity of IoT devices, such as smart cameras, routers, and home automation systems, has led to a rise in botnet infections targeting these devices. IoT devices often have weaker security protections and are easily compromised, making them a prime target for botnet operators.
• Mobile devices: Mobile devices can also be infected with botnets, particularly those that run on older or unpatched versions of the operating system. This can happen through infected apps, which are downloaded from non-official stores, or through infected webpages which are visited using the mobile browser.

There are two search pages:

1. Bot Record Search: On the bot records search page you can search in a database of indexed stealer bot records. The information is collected from stealer (trojan) logs distributed on hacker forums and marketplaces. This index is different from bot search, as it indexes separate records.
2. Bot Search: On this page you can search in a database of indexed stealer bot records. The information is collected from stealer (trojan) logs distributed on hacker forums and marketplaces. This index is different from bot record search, as it indexes bots and not separate records.

The syntax for the bot search needs to use our special operators. Lets say you want to find all bots that connect to a URL that contains "sbb", you need to search for url:sbb*. If you only search for sbb, you will get 0 results!

If you want to see the details of the bot records, please click on the IP address. You will the see the path of the file, that lead to the malware infection. More details about the user, the internet history and web calls will be also visible: