Re: collecting spyware with a honeypot

[David Barroso <dbarroso () s21sec com>]

Marc Samendinger escribió:
> On Mon, Sep 18, 2006 at 03:52:14PM +0200, George wrote:
> > On 9/18/06, Jamie Riden <jamesr () europe com> wrote:
>
> Hi George,
>
> > > I've been wondering about this myself - I think the main steps would be:
> > >
> > > * mechanism to trawl URLs - e.g. crawl everything that you get in your spam
> > The main problem is how can i made a list of url to crawl?Most of the
> > spam url i have are sending to sites that do not have malware. I've
> > seen some spyware hided on porn websites and also a lot of spyware on
> > warez web site. But there is a public blacklist of sites that keeping
> > spyware? Can i find a way to find that kind of links automatically?
>
> There was a talk on this topic at 22c3 in Berlin last December by
> Krisztian Piller and Sebastian Wolfgarten.
> http://chaosradio.ccc.de/22c3_m4v_871.html
>
> They have/had the same problem you are raising, gaining a list of
> urls to crawl. One of their idea was to set up a wiki with urls where
> malware was found. But I have no idea how far they have come with
> setting up a wiki like this.
>
> They are also saying, that they have contacted Microsoft several times
> asking if Microsoft would share their list of urls. But looks like the
> HoneyMonkey project by Microsoft is not interested in sharing this list.
> (If there is one)

Besides, the guys at stopbadware.org (Google & Co) would have their own
list of urls. Example:
http://www.google.com/interstitial?url=http://www.purecheats.com/index.php/top50sitesz

Are also they reluctant to share their findings?

-- 
David Barroso Berrueta                       I+D+i (R&D)
Phone: (+34)943317330                        Grupo S21sec Gestión, S.A.
'Not one day goes by that I don't ride, 'til the infinite, the horse of
my imagination'