Honeypots mailing list archives
Re: collecting spyware with a honeypot
From: Tillmann Werner <tillmann.werner () gmx de>
Date: Mon, 18 Sep 2006 16:23:40 +0200
George,
> I would like to set up a honeypot for collecting spyware and adware. As you know, spyware requires user action, so I can't use the classic honeypot method to connect it on the internet and let the "bad guys" attack it.
You don't necessarily need user interaction. Lots of ad/spyware is installed after a bot infection. Samples can be collected with tools like honeytrap or nepenthes and then run in a controlled environment, e.g. a vm protected by a honeywall. You then need some kind of automatism to initialize a clean image, place and start a sample and log changes as downloaded files. You can also use a hardware card that restores a clean system without the changes since the last reboot if you prefer a non-virtual installation. Such a setup should be able to process about one executable in 10 minutes.

Tillmann