Honeypots
collecting spyware with a honeypot Sep 16 2006 10:03PM
George (george p123 gmail com) (4 replies)
Re: collecting spyware with a honeypot Sep 18 2006 02:54PM
mat (mrowley esoft com)
Re: collecting spyware with a honeypot Sep 18 2006 02:23PM
Tillmann Werner (tillmann werner gmx de)
Re: collecting spyware with a honeypot Sep 18 2006 02:42AM
Jamie Riden (jamesr europe com) (2 replies)
Re: collecting spyware with a honeypot Sep 18 2006 01:57PM
Kathy Wang (knwang synacklabs net)
Re: collecting spyware with a honeypot Sep 18 2006 01:52PM
George (george p123 gmail com) (1 replies)
On 9/18/06, Jamie Riden <jamesr (at) europe (dot) com [email concealed]> wrote:
> On 17/09/06, George <george.p123 (at) gmail (dot) com [email concealed]> wrote:
> > Hello!
> > I would like to set up a honeypot for collecting spyware and adware. As
> > you know, spyware requires user action, so I can't use the classic
> > honeypot method to connect it to the internet and let the "bad guys"
> > attack it.
> >
> > I googled a little bit on this project and I didn't find a starting
> > point for this project. Can you help me with some ideas or some links
> > about how I can deploy this kind of honeypot in such a way that it
> > should receive fresh spyware and adware?
>
> I've been wondering about this myself - I think the main steps would be:
>
> * mechanism to trawl URLs - e.g. crawl everything that you get in your spam

The main problem is how can I make a list of URLs to crawl? Most of the
spam URLs I have lead to sites that do not have malware. I've
seen some spyware hidden on porn websites and also a lot of spyware on
warez web sites. But is there a public blacklist of sites that keep
spyware? Can I find a way to find that kind of links automatically?

The main target of this project is to expose some honeypot e-mail
addresses on a machine infected with spyware/adware applications that
were designed to collect email addresses from compromised hosts.

> * detection of compromise, and analysis
>
> You could do this in a VM and use snort to alert when the thing gets
> compromised and do a manual analysis. There are also low interaction
> solutions - here are a couple of references:
>
> http://en.wikipedia.org/wiki/Client_honeypot_/_honeyclient
> http://honeyc.sourceforge.net/
> http://capture-hpc.sourceforge.net/
> http://conference.hackinthebox.org/hitbsecconf2006kl/index.php?page_id=75
> http://pi1.informatik.uni-mannheim.de/diplomas/show/27
>

Interesting links. Searching on them, I also found something on the same target:

http://research.microsoft.com/csm/strider/

> cheers,
> Jamie
> --
> Jamie Riden, CISSP / jamesr (at) europe (dot) com [email concealed] / jamie.riden (at) gmail (dot) com [email concealed]
> NZ Honeynet project - http://www.nz-honeynet.org/
>

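The "trawl URLs from your spam" step discussed in the message above, as an added example that is not part of any post in this thread: it pulls http(s) links out of spam messages and de-duplicates them into a visit queue for a honeyclient running in an isolated VM. The sample messages, the `example.*` hosts and the function names are constructed for illustration; deciding which of the queued URLs actually serve spyware remains the honeyclient's job.

```python
import email
import re
from email import policy
from urllib.parse import urlsplit

# Constructed sample spam (not real captures); example.* hosts are placeholders.
SAMPLE_SPAM = [
    "From: a@example.net\nSubject: Free screensavers\n"
    "Content-Type: text/plain\n\n"
    "Get them at http://downloads.example.com/saver.exe?id=1 today!\n"
    "Mirror: HTTP://Downloads.Example.com/saver.exe?id=1.\n",
    "From: b@example.org\nSubject: toolbar\n"
    "Content-Type: text/html\n\n"
    '<html><a href="http://toolbar.example.org/install">click</a>'
    '<img src="http://img.example.org/t.gif"></html>\n',
]

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def extract_urls(raw_message):
    """Return every http(s) URL found in the text parts of one message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    urls = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # skip attachments and multipart containers
        for match in URL_RE.findall(part.get_content()):
            urls.append(match.rstrip(".,;:!?)"))  # drop sentence punctuation
    return urls

def normalise(url):
    """Lower-case scheme and host so trivially different spellings dedupe."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        port = f":{parts.port}" if parts.port else ""
    except ValueError:  # malformed host or port
        return None
    if not host:
        return None
    query = f"?{parts.query}" if parts.query else ""
    return f"{parts.scheme}://{host}{port}{parts.path or '/'}{query}"

def build_queue(messages):
    """Ordered, de-duplicated list of URLs for the honeyclient to visit."""
    seen = {}
    for raw in messages:
        for url in map(normalise, extract_urls(raw)):
            if url:
                seen.setdefault(url, None)  # dict keeps first-seen order
    return list(seen)
```
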
Re: collecting spyware with a honeypot Oct 09 2006 09:53AM
Marc Samendinger (marc samendinger sp-online de) (2 replies)
Re: collecting spyware with a honeypot Oct 09 2006 09:40PM
Jamie Riden (jamesr europe com)
Re: collecting spyware with a honeypot Oct 09 2006 02:15PM
David Barroso (dbarroso s21sec com)
RE: collecting spyware with a honeypot Sep 18 2006 02:19AM
Robert D. Holtz - Lists (robert d holtz gmail com)


 

Copyright 2010, SecurityFocus