funsec mailing list archives
Whitepaper: The Nepenthes Platform: An Efficient Approach to Collect Malware
From: "Fergie" <fergdawg () netzero net>
Date: Thu, 21 Sep 2006 22:32:45 GMT
From Thorsten Holz and the good folks over at Honeyblog.
[abstract] Up to now, there is little empirically backed quantitative and qualitative knowledge about self-replicating malware publicly available. This hampers research in these topics because many counter-strategies against malware, e.g., network- and host-based intrusion detection systems, need hard empirical data to take full effect. We present the nepenthes platform, a framework for large-scale collection of information on self-replicating malware in the wild. The basic principle of nepenthes is to emulate only the vulnerable parts of a service. This leads to an efficient and effective solution that offers many advantages compared to other honeypot-based solutions. Furthermore, nepenthes offers a flexible deployment solution, leading to even better scalability. Using the nepenthes platform we and several other organizations were able to greatly broaden the empirical basis of data available about self-replicating malware and provide thousands of samples of previously unknown malware to vendors of host-based IDS/anti-virus systems. This greatly improves the detection rate of this kind of threat. [snip]

Final paper:
http://honeyblog.org/junkyard/paper/collecting-malware-final.pdf

- ferg

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
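The collection principle the abstract describes (emulate only the vulnerable part of a service, capture what the attacker sends, pull out any fetch instructions, and store samples by hash) as an added Python sketch. This is not nepenthes' own code and does not reproduce its module interfaces; the emulator class, the toy trigger string, the port and the inbound traffic are all constructed for illustration, and the fetch step is left as a queue so nothing is downloaded.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Fetch instructions a captured payload may carry (URL schemes chosen for the demo).
URL_RE = re.compile(rb"(?:https?|ftp|tftp)://[^\s\"'<>]+", re.IGNORECASE)


@dataclass
class Capture:
    """One captured exploit attempt, as a sensor of this kind would record it."""
    module: str
    source: str
    payload_sha256: str
    urls: List[str]


class VulnerablePartEmulator:
    """Emulates only the exchange an exploit needs: a banner and the single
    request shape in which the (hypothetical) vulnerability lives. Every other
    request is refused, so the sensor never has to implement the full protocol."""

    def __init__(self, name: str, banner: bytes, trigger_prefix: bytes):
        self.name = name
        self.banner = banner
        self.trigger_prefix = trigger_prefix  # constructed marker, not a real exploit

    def greet(self) -> bytes:
        return self.banner

    def handle(self, source: str, request: bytes) -> Optional[Capture]:
        if not request.startswith(self.trigger_prefix):
            return None  # benign or unknown traffic: nothing to collect
        payload = request[len(self.trigger_prefix):]
        urls = [u.decode("ascii", "replace") for u in URL_RE.findall(payload)]
        return Capture(self.name, source, hashlib.sha256(payload).hexdigest(), urls)


class Collector:
    """Routes inbound data to the emulator registered for a port, keeps one
    record per distinct payload hash, and queues download URLs for a fetcher."""

    def __init__(self) -> None:
        self.modules: Dict[int, VulnerablePartEmulator] = {}
        self.samples: Dict[str, Capture] = {}
        self.fetch_queue: List[str] = []

    def register(self, port: int, module: VulnerablePartEmulator) -> None:
        self.modules[port] = module

    def on_connection(self, port: int, source: str, request: bytes) -> Optional[Capture]:
        module = self.modules.get(port)
        if module is None:
            return None
        cap = module.handle(source, request)
        if cap is None:
            return None
        # Deduplicate by payload hash so repeated hits yield one sample record.
        if cap.payload_sha256 not in self.samples:
            self.samples[cap.payload_sha256] = cap
            self.fetch_queue.extend(u for u in cap.urls if u not in self.fetch_queue)
        return cap


def demo() -> Collector:
    """Runs the pipeline over constructed traffic (none of it is a real exploit)."""
    c = Collector()
    c.register(9999, VulnerablePartEmulator("toy-svc", b"220 toy-svc ready\r\n", b"TOY-OVERFLOW "))
    c.on_connection(9999, "198.51.100.7", b"TOY-OVERFLOW AAAA fetch http://example.invalid/dropper.bin")
    c.on_connection(9999, "198.51.100.8", b"HELO legit-client")  # refused, not collected
    c.on_connection(9999, "198.51.100.9", b"TOY-OVERFLOW AAAA fetch http://example.invalid/dropper.bin")
    c.on_connection(9999, "198.51.100.10", b"TOY-OVERFLOW AAAA tftp://example.invalid/x.exe")
    return c


if __name__ == "__main__":
    col = demo()
    for sha, cap in col.samples.items():
        print(sha[:12], cap.module, cap.source, cap.urls)
    print("fetch queue:", col.fetch_queue)
```

The point of the structure is the one the abstract makes: the emulator answers only the request that matters, so the sensor is cheap to run on many addresses, and the collector turns each hit into a hashed sample plus a list of URLs that a separate, sandboxed fetch stage can resolve.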
Current thread:
- Whitepaper: The Nepenthes Platform: An Efficient Approach to Collect Malware Fergie (Sep 21)