Bad guys are targeting honeypots...well, more so toward honeyclients than honeypots, but the intent is the same. I took my own experiences and figured they were the same as everyone else's. Since then, I've talked to lots of honeypot/honeyclient operators, and they've said they have seen an increase in offensive activity (usually DDoS attacks) against particular well-known honeyclient researchers.
Roger A. Grimes
("Often wrong, never in doubt!")
-----Original Message-----
From: Roger A. Grimes
Sent: Wednesday, April 05, 2006 10:09 PM
To: 'David Jiménez Domínguez'; honeypots (at) securityfocus (dot) com [email concealed]
Subject: RE: Looking for Honeypots???
I run 8 honeypots, and have for years. I've not seen this. There may be some specific targeted firms (i.e. AV firms, Microsoft, etc.) and some occasional honeypot identifications made by honeypot-aware hackers, but it's far from mainstream.
Criminal hackers are stealing millions of dollars every day...their current methods are working just fine. The idea that they actually need an offensive strategy is almost laughable. Computer crime is on an incredible rise this year...and it isn't because they are taking down honeypots. Article fodder for a gullible reporter. For heaven's sake, the first article mentioned that some malware programs are actually disabling antivirus mechanisms as if it was news.
-----Original Message-----
From: David Jiménez Domínguez [mailto:djdsecurity (at) gmail (dot) com [email concealed]]
Sent: Wednesday, April 05, 2006 6:50 PM
To: honeypots (at) securityfocus (dot) com [email concealed]
Subject: Looking for Honeypots???
Hi list!!
Yesterday ZDNet issued a note [1] about cybercriminals looking for antivirus firms' honeypots in order to launch attacks against them, especially those for malware collection. I've read some docs about the same topic [2][3] some days ago...
Have you ever seen something like that within your honeynets?
I think one of the reasons for these actions is to stop the botnet hunting and botnet hijacking, not to be aware if they are being watched mainly...
What do you think??
[1] http://news.zdnet.co.uk/internet/security/0,39020375,39261210,00.htm
[2] http://www.it-observer.com/articles/1101/honeypots_how_seek_them_out/
[3] http://ryan1918.org/viewtopic.php?t=1444
--
------------------
DJD