SecurityFocus

collecting spyware with a honeypot Sep 16 2006 10:03PM
George (george p123 gmail com) (4 replies)

Re: collecting spyware with a honeypot Sep 18 2006 02:54PM
mat (mrowley esoft com)

Re: collecting spyware with a honeypot Sep 18 2006 02:23PM
Tillmann Werner (tillmann werner gmx de)

Re: collecting spyware with a honeypot Sep 18 2006 02:42AM
Jamie Riden (jamesr europe com) (2 replies)

Re: collecting spyware with a honeypot Sep 18 2006 01:57PM
Kathy Wang (knwang synacklabs net)

Re: collecting spyware with a honeypot Sep 18 2006 01:52PM
George (george p123 gmail com) (1 replies)

Re: collecting spyware with a honeypot Oct 09 2006 09:53AM
Marc Samendinger (marc samendinger sp-online de) (2 replies)

Re: collecting spyware with a honeypot Oct 09 2006 09:40PM
Jamie Riden (jamesr europe com)

On 09/10/06, Marc Samendinger <marc.samendinger (at) sp-online (dot) de [email concealed]> wrote:

> They have/had the same problem you are raising, gaining a list of
> urls to crawl. One of their idea was to set up a wiki with urls where
> malware was found. But I have no idea how far they have come with
> setting up a wiki like this.

There should be plenty of these in spam.

Someone suggested setting up a secondary MX - spammers tend to prefer
secondaries as they often have no or limited filtering.

You could also set up a spam honeypot (
http://en.wikipedia.org/wiki/Honeypot_%28computing%29#Spam_honeypots )
like Jackpot and use the results from there.

I seem to remember Messenger spam containing lots of dodgy links, look
for UDP packets going to ports 1025-1030 or so.

cheers,
Jamie
--
Jamie Riden, CISSP / jamesr (at) europe (dot) com [email concealed] / jamie.riden (at) gmail (dot) com [email concealed]
NZ Honeynet project - http://www.nz-honeynet.org/

[ reply ]

Re: collecting spyware with a honeypot Oct 09 2006 02:15PM
David Barroso (dbarroso s21sec com)

RE: collecting spyware with a honeypot Sep 18 2006 02:19AM
Robert D. Holtz - Lists (robert d holtz gmail com)