Interesting stuff! I haven't noticed this on our end so maybe their
concentrating on commercial anti-virus firms rather than independent
research organizations though there's always the possibility that it
could happen in the future.
Ryan Talabis
Philippine Honeynet Project
http://www.philippinehoneynet.org
2006/4/6, David Jiménez Domínguez <djdsecurity (at) gmail (dot) com [email concealed]>:
> Hi list!!
>
> Yesterday ZDnet issued a note [1] about cybercriminals looking for
> antivirus firm's honeypots in order to launch attacks against them,
> specially those for malware collection. I've read some docs about the
> same topic [2][3] some days ago...
>
> Have yout ever seen something like that within your honeynets?
>
> I think one of the reasons of this actions is to stop the botnet
> hunting and botnet hijacking, not to be aware if they are being
> watched mainly...
>
> What do you thing??
>
>
> [1] http://news.zdnet.co.uk/internet/security/0,39020375,39261210,00.htm
> [2] http://www.it-observer.com/articles/1101/honeypots_how_seek_them_out/
> [3] http://ryan1918.org/viewtopic.php?t=1444
>
> --
> ------------------
> DJD
> _
>
concentrating on commercial anti-virus firms rather than independent
research organizations though there's always the possibility that it
could happen in the future.
Ryan Talabis
Philippine Honeynet Project
http://www.philippinehoneynet.org
2006/4/6, David Jiménez Domínguez <djdsecurity (at) gmail (dot) com [email concealed]>:
> Hi list!!
>
> Yesterday ZDnet issued a note [1] about cybercriminals looking for
> antivirus firm's honeypots in order to launch attacks against them,
> specially those for malware collection. I've read some docs about the
> same topic [2][3] some days ago...
>
> Have yout ever seen something like that within your honeynets?
>
> I think one of the reasons of this actions is to stop the botnet
> hunting and botnet hijacking, not to be aware if they are being
> watched mainly...
>
> What do you thing??
>
>
> [1] http://news.zdnet.co.uk/internet/security/0,39020375,39261210,00.htm
> [2] http://www.it-observer.com/articles/1101/honeypots_how_seek_them_out/
> [3] http://ryan1918.org/viewtopic.php?t=1444
>
> --
> ------------------
> DJD
> _
>
[ reply ]