
New Emerging-Rules Snort Signature Catches 'Revolt Scanner' Hacking Activity


BOCA RATON, Fla., April 24, 2009 – SECNAP® Network Security discovered new hacking activity during routine client network monitoring this week, and moved immediately to develop a new signature to detect and thwart the activity. Dubbed Revolt Scanner, the activity is so new that no signatures had been developed to detect it specifically.

HackerTrap™ Network Security Device Detected New Activity

According to Jared Braverman, information systems security engineer for SECNAP, the activity triggered a generic signature on the firm's HackerTrap network security device and was relayed to the security team for review.

"It was obvious that the activity we detected was malicious, given the user agent name Revolt Scanner, the fact that it was scanning administrative components of the web server's PHP code, and that it was transmitting from Russia to a business in the United States," said Braverman.

The SECNAP team researched activity on the Internet and found other appearances of the Revolt Scanner around the world. Braverman explained that activity statistics are available for a huge number of websites as a result of weblog crawls performed by the Google engine.

New Signature Created and Made Available to Internet Security Community

In addition to protecting client networks from unauthorized intrusion, SECNAP is a Certified SNORT® Integrator and active member of the Internet security community. In that spirit, Braverman created a new signature specifically designed to detect and thwart the Revolt Scanner, and made it available through the Emerging Threats website. He also created a blog to provide new information about Revolt Scanner.

SECNAP HackerTrap software detected the new hacking activity on Tuesday, April 21, and the new signature was developed and posted the following day.

 