Honeypots
collecting spyware with a honeypot Sep 16 2006 10:03PM
George (george p123 gmail com) (4 replies)
Re: collecting spyware with a honeypot Sep 18 2006 02:54PM
mat (mrowley esoft com)
Re: collecting spyware with a honeypot Sep 18 2006 02:23PM
Tillmann Werner (tillmann werner gmx de)
George,

> I would like to set up a honeypot for collecting spyware and adware. As
> you know, spyware requires user action, so I can't use the classic
> honeypot method to connect it on the internet and let the "bad guys"
> attack it.

You don't necessarily need user interaction. Lots of ad/spyware is installed
after a bot infection. Samples can be collected with tools like honeytrap or
nepenthes and then run in a controlled environment, e.g. a VM protected by a
honeywall.

You then need some kind of automatism to initialize a clean image, place and
start a sample and log changes as downloaded files. You can also use a
hardware card that restores a clean system without the changes since the last
reboot if you prefer a non-virtual installation. Such a setup should be able
to process about one executable in 10 minutes.

Tillmann

Re: collecting spyware with a honeypot Sep 18 2006 02:42AM
Jamie Riden (jamesr europe com) (2 replies)
Re: collecting spyware with a honeypot Sep 18 2006 01:57PM
Kathy Wang (knwang synacklabs net)
Re: collecting spyware with a honeypot Sep 18 2006 01:52PM
George (george p123 gmail com) (1 replies)
Re: collecting spyware with a honeypot Oct 09 2006 09:53AM
Marc Samendinger (marc samendinger sp-online de) (2 replies)
Re: collecting spyware with a honeypot Oct 09 2006 09:40PM
Jamie Riden (jamesr europe com)
Re: collecting spyware with a honeypot Oct 09 2006 02:15PM
David Barroso (dbarroso s21sec com)
RE: collecting spyware with a honeypot Sep 18 2006 02:19AM
Robert D. Holtz - Lists (robert d holtz gmail com)
Copyright 2010, SecurityFocus