SOC Experts Community - Beta
in Security Concepts by (5.9k points)

1 Answer

by (4.1k points)
  • IRC traffic (botnets and bot masters use IRC for communications)

  • Connection attempts with known C&C servers

  • Multiple machines on a network making identical DNS requests

  • High outgoing SMTP traffic (as a result of sending spam)

  • Unexpected popups (as a result of click fraud activity)

  • Slow computing/high CPU usage

  • Spikes in traffic, especially Port 6667 (used for IRC), Port 25 (used in email spamming), and Port 1080 (used by proxy servers)

  • Outbound messages (email, social media, instant messages, etc.) that weren’t sent by the user

  • Problems with Internet access
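
An added example (not part of the original answer) that checks three of the network indicators listed above, the watched ports 6667/25/1080 and identical DNS requests from multiple machines, against constructed flow and DNS records. The record layouts, thresholds, allowlists and function names are assumptions.

```python
from collections import defaultdict

# Ports named in the answer above: IRC, SMTP, SOCKS proxy.
WATCH_PORTS = {6667: "irc", 25: "smtp", 1080: "socks-proxy"}

# Constructed sample data (not from a real network).
# Flow records: (source host, destination IP, destination port)
FLOWS = [
    ("10.0.0.11", "203.0.113.5", 6667),
    ("10.0.0.11", "198.51.100.7", 25),
    ("10.0.0.11", "198.51.100.8", 25),
    ("10.0.0.11", "198.51.100.9", 25),
    ("10.0.0.12", "203.0.113.5", 6667),
    ("10.0.0.20", "192.0.2.25", 25),   # assumed site mail relay, allowlisted in the demo call
    ("10.0.0.13", "192.0.2.80", 443),
]
# DNS log: (source host, queried name)
DNS = [
    ("10.0.0.11", "xk3f9a.example"), ("10.0.0.12", "xk3f9a.example"),
    ("10.0.0.13", "xk3f9a.example"), ("10.0.0.13", "intranet.example"),
    ("10.0.0.11", "updates.example"), ("10.0.0.12", "updates.example"),
    ("10.0.0.13", "updates.example"),
]

def port_alerts(flows, smtp_relays=frozenset(), smtp_min_dsts=3):
    """Flag any IRC/SOCKS flow, and SMTP from non-relay hosts to many distinct servers."""
    dsts = defaultdict(set)
    for src, dst, port in flows:
        if port in WATCH_PORTS and not (port == 25 and src in smtp_relays):
            dsts[(src, port)].add(dst)
    alerts = []
    for (src, port), seen in sorted(dsts.items()):
        # A single SMTP destination is normal for a mail client; many is spam-like.
        if port != 25 or len(seen) >= smtp_min_dsts:
            alerts.append((src, WATCH_PORTS[port], len(seen)))
    return alerts

def shared_dns(dns, known_good=frozenset(), min_hosts=3):
    """Return names queried by at least min_hosts distinct machines, minus known-good names."""
    hosts = defaultdict(set)
    for src, name in dns:
        if name not in known_good:
            hosts[name].add(src)
    return {n: sorted(h) for n, h in hosts.items() if len(h) >= min_hosts}

if __name__ == "__main__":
    print(port_alerts(FLOWS, smtp_relays={"10.0.0.20"}))
    print(shared_dns(DNS, known_good={"updates.example"}))
```

Without the `known_good` allowlist, `updates.example` is flagged as well, which is why the identical-DNS-request indicator needs a baseline of names every machine legitimately looks up.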
