RE: Looking for Honeypots???

["Roger A. Grimes" <roger () banneretcs com>]

I run 8 honeypots, and have for years.  I've not seen this. There maybe some specific targeted firms (i.e. av firms, 
Microsoft, etc.) and some occasional honeypot identifications made by honeypot-aware hackers, but its far from 
mainstream. 

Criminal hackers are stealing millions of dollars every day...their current methods are working just fine. The idea 
that they actually need an offensive strategy is almost laughable. Computer crime is on an incredible rise this 
year...and it isn't because they are taking down honeypots.  Article fodder for a gullible reporter.  For heaven's 
sake, the first article mentioned that some malware programs are actually disabling antivirus mechanisms as if it was 
news.  

-----Original Message-----
From: David Jiménez Domínguez [mailto:djdsecurity () gmail com] 
Sent: Wednesday, April 05, 2006 6:50 PM
To: honeypots () securityfocus com
Subject: Looking for Honeypots???

Hi list!!

Yesterday ZDnet  issued a note [1] about cybercriminals looking for antivirus firm's honeypots in order to launch 
attacks against them, specially those for malware collection. I've read some docs about the same topic [2][3] some days 
ago...

Have yout ever seen something like that within your honeynets?

I think one of the reasons of this actions is to stop the botnet hunting and botnet hijacking, not to be aware if they 
are being watched mainly...

What do you thing??


[1] http://news.zdnet.co.uk/internet/security/0,39020375,39261210,00.htm
[2] http://www.it-observer.com/articles/1101/honeypots_how_seek_them_out/
[3] http://ryan1918.org/viewtopic.php?t=1444

--
------------------
DJD
  _