Honeypots mailing list archives
Re: collecting spyware with a honeypot
From: David Barroso <dbarroso () s21sec com>
Date: Mon, 09 Oct 2006 16:15:09 +0200
Marc Samendinger escribió:
On Mon, Sep 18, 2006 at 03:52:14PM +0200, George wrote:On 9/18/06, Jamie Riden <jamesr () europe com> wrote:Hi George,I've been wondering about this myself - I think the main steps would be: * mechanism to trawl URLs - e.g. crawl everything that you get in your spamThe main problem is how can i made a list of url to crawl?Most of the spam url i have are sending to sites that do not have malware. I've seen some spyware hided on porn websites and also a lot of spyware on warez web site. But there is a public blacklist of sites that keeping spyware? Can i find a way to find that kind of links automatically?There was a talk on this topic at 22c3 in Berlin last December by Krisztian Piller and Sebastian Wolfgarten. http://chaosradio.ccc.de/22c3_m4v_871.html They have/had the same problem you are raising, gaining a list of urls to crawl. One of their idea was to set up a wiki with urls where malware was found. But I have no idea how far they have come with setting up a wiki like this. They are also saying, that they have contacted Microsoft several times asking if Microsoft would share their list of urls. But looks like the HoneyMonkey project by Microsoft is not interested in sharing this list. (If there is one)
Besides, the guys at stopbadware.org (Google & Co) would have their own list of urls. Example: http://www.google.com/interstitial?url=http://www.purecheats.com/index.php/top50sitesz Are also they reluctant to share their findings? -- David Barroso Berrueta I+D+i (R&D) Phone: (+34)943317330 Grupo S21sec Gestión, S.A. 'Not one day goes by that I don't ride, 'til the infinite, the horse of my imagination'
Current thread:
- Re: collecting spyware with a honeypot Marc Samendinger (Oct 09)
- Re: collecting spyware with a honeypot David Barroso (Oct 09)
- Re: collecting spyware with a honeypot Jamie Riden (Oct 09)