Detection of backdoors with Bro.

I noticed that the bro script Backdoor.bro has been deprecated with Bro 2.5. So, what is now the script or group of scripts (or method) used to deal with this kind of problem? As I use Bro mainly to read tcpdump pcaps of my desktop Internet/browser sessions, malware installed this way is a concern.

Hello Luca,

I noticed that the bro script Backdoor.bro has been deprecated with Bro
2.5.

You are right, the backdoor analyzer has been deprecated (note - not
backdoor.bro, that also existed and was removed after 1.5).

So, what is now the script or group of scripts (or method) used to deal
with this kind of problem? As I use Bro mainly to read tcpdump pcaps of my
desktop Internet/browser sessions, malware installed this way is a
concern.

Are you actually using the functionality that the backdoor analyzer
provides? As far as I am aware, it has not been active by default in any
recent version of Bro - you always needed to activate it yourself - and
has not seen any active maintenance in a while. If you have been using
this in practice, and it has been useful to you, I would actually be
interested in hearing about it.

In any case - you should always be able to use the current version of it
and compile it as a module, in case it will be removed in a future version
of Bro.

I hope this helps,
Johanna