Honeypots mailing list archives
Re: Looking for Honeypots???
From: "David Jiménez Domínguez" <djdsecurity () gmail com>
Date: Thu, 6 Apr 2006 12:55:57 -0500
One example is the submit-norman module in nepenthes... when the malware has anti-VMware techniques (for example, by looking for the VMware Tools registry key or a MAC address), the report sent by Norman is useless... In the near future, could someone write code to first inspect the characteristics of the "sandhost" where the malware is run, and make some DNS queries to a domain name where this information is shown???... for example:

mac00-00-00-71-B4-AA.com
so.win2k.net
vmware.present.net
ip.192.168.1.2.com

This information is going to be sent to the bad guy by email and he could map all the information he needed. Do you know if it is possible?

2006/4/5, Mark Ryan del Moral Talabis <talabis () gmail com>:
> Interesting stuff! I haven't noticed this on our end, so maybe they're concentrating on commercial anti-virus firms rather than independent research organizations, though there's always the possibility that it could happen in the future.
>
> Ryan Talabis
> Philippine Honeynet Project
> http://www.philippinehoneynet.org
>
> 2006/4/6, David Jiménez Domínguez <djdsecurity () gmail com>:
>> Hi list!!
>>
>> Yesterday ZDnet issued a note [1] about cybercriminals looking for antivirus firms' honeypots in order to launch attacks against them, especially those for malware collection. I've read some docs about the same topic [2][3] some days ago... Have you ever seen something like that within your honeynets? I think one of the reasons for these actions is to stop the botnet hunting and botnet hijacking, not to be aware if they are being watched mainly... What do you think??
>>
>> [1] http://news.zdnet.co.uk/internet/security/0,39020375,39261210,00.htm
>> [2] http://www.it-observer.com/articles/1101/honeypots_how_seek_them_out/
>> [3] http://ryan1918.org/viewtopic.php?t=1444
>>
>> --
>> ------------------
>> DJD

--
------------------
DJD
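An added example, not part of the original message or of nepenthes: one way a sandbox operator could review the DNS queries a sample makes for names shaped like the four in the message above (a MAC address, an IP address, or OS/virtualisation words packed into labels). The function names, the keyword list and the sample log are assumptions constructed for illustration.

```python
import re

# Six hex pairs joined by '-' inside one DNS label, e.g. mac00-00-00-71-B4-AA
MAC_RE = re.compile(r"(?:[0-9a-f]{2}-){5}[0-9a-f]{2}")
# Assumed keyword list for OS / virtualisation markers; tune for your sandbox.
ENV_WORDS = ("vmware", "virtualbox", "qemu", "win2k", "winxp")


def has_ipv4(labels):
    """True if four consecutive labels are decimal octets (0-255)."""
    def octet(label):
        return label.isascii() and label.isdigit() and len(label) <= 3 and int(label) <= 255
    return any(all(octet(l) for l in labels[i:i + 4]) for i in range(len(labels) - 3))


def classify(qname):
    """Return the kinds of host data a query name appears to carry."""
    name = qname.rstrip(".").lower()
    if name.endswith(".in-addr.arpa"):  # ordinary reverse lookups contain octets
        return []
    labels = name.split(".")
    kinds = []
    if any(MAC_RE.search(l) for l in labels):
        kinds.append("mac")
    if has_ipv4(labels):
        kinds.append("ipv4")
    if any(w in l for l in labels for w in ENV_WORDS):
        kinds.append("env")
    return kinds


def review(qnames):
    """Map each flagged name to its kinds; a run is suspicious if any name
    carries a MAC or IP, or if two or more names carry environment words."""
    hits = {q: k for q in qnames if (k := classify(q))}
    strong = any("mac" in k or "ipv4" in k for k in hits.values())
    env_names = sum("env" in k for k in hits.values())
    return hits, strong or env_names >= 2


# Constructed sandbox DNS log: the four names from the message plus benign traffic.
SAMPLE = [
    "mac00-00-00-71-B4-AA.com", "so.win2k.net", "vmware.present.net",
    "ip.192.168.1.2.com", "www.example.org", "2.1.168.192.in-addr.arpa",
]

if __name__ == "__main__":
    hits, suspicious = review(SAMPLE)
    for name, kinds in hits.items():
        print(f"{name}: {', '.join(kinds)}")
    print("suspicious run:", suspicious)
```

A single environment-word match is treated as weak on its own because legitimate vendor domains contain the same words; a MAC or IP address inside a query name is the stronger signal.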
Current thread:
- Looking for Honeypots??? David Jiménez Domínguez (Apr 05)
- Re: Looking for Honeypots??? Mark Ryan del Moral Talabis (Apr 05)
- Re: Looking for Honeypots??? David Jiménez Domínguez (Apr 06)
- Re: Looking for Honeypots??? Thorsten Holz (Apr 06)
- Re: Looking for Honeypots??? David Jiménez Domínguez (Apr 06)
- <Possible follow-ups>
- RE: Looking for Honeypots??? Roger A. Grimes (Apr 05)
- RE: Looking for Honeypots??? Mohd Rosli Saidin (Apr 06)
- RE: Looking for Honeypots??? Roger A. Grimes (Apr 09)
- Re: Looking for Honeypots??? Mark Ryan del Moral Talabis (Apr 05)