Honeypots mailing list archives

Re: collecting spyware with a honeypot

From: mat <mrowley () esoft com>
Date: Mon, 18 Sep 2006 08:54:21 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

George, I have been doing this for a while now.  There are clients you
can set up on honeypots which automate vulnerabilities and download the
files which are trying to be inserted into the computer. Specifically I
have been using nepenthes (http://nepenthes.mwcollect.org/) also, also,
you can check out honeyclient which 'crawls through' web pages, when you
give it an initial one.  Its a set of perl scripts which look though a
web page source and try and enumerate all possible links, then visits
them, and so on.  Hope this helps.

Mat


George wrote:

Hello!
I wold like to setup a honeypot for collecting spyware and adware. As
you know, spayware require user action, so i can't use the classic
honeypot method to connect it on the internet and let the "bad guys"
attack it.

I google a little bit on this project and i didn't find a point of
starting this project. Can you help me with some ideas or some links
about how can i deploy this kind of honeypot in a such way that it
should receive fresh spayware and adware?

Thanks in advice!
George


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFFDrMc47s/xIwy7o0RAqxQAJ9e6W8arfShSRs+4HMCj1EVMlJ0KACffofZ
00MT4xfNkQdi9ryzxLXW+gQ=
=y5DA
-----END PGP SIGNATURE-----

Current thread:

collecting spyware with a honeypot George (Sep 17)
- RE: collecting spyware with a honeypot Robert D. Holtz - Lists (Sep 18)
- Re: collecting spyware with a honeypot Jamie Riden (Sep 18)
  - Re: collecting spyware with a honeypot George (Sep 18)
  - Re: collecting spyware with a honeypot Kathy Wang (Sep 18)
- Re: collecting spyware with a honeypot Tillmann Werner (Sep 18)
- Re: collecting spyware with a honeypot mat (Sep 18)