August 8th, 2005 06:52 AM
This might have been posted before but I couldn't find it...
"The monkey launches a browser instance for each suspect URL and waits for a few minutes. The monkey is not set up to click on any dialog box to permit installation of any software; consequently, any executable files that get created outside the browser's temporary folder are detected by the [data recorder] and signal an exploit," Wang said.
Microsoft Unwraps HoneyMonkey Detection Project
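The check Wang describes in the quote above, sketched as an added example (not code from this thread or from Microsoft): flag a URL when a visit creates an executable outside the browser's temporary folder. The temp-folder path, the suffix list, and the event records are assumptions constructed for illustration.

```python
import ntpath
from pathlib import PureWindowsPath

# Assumed location of the browser's temporary folder on the test machine.
BROWSER_TEMP = PureWindowsPath(r"C:\Users\monkey\Temporary Internet Files")
# Assumed set of file types treated as executable.
EXECUTABLE_SUFFIXES = {".exe", ".dll", ".scr", ".com", ".sys"}


def outside_temp(raw_path):
    """True if the path, after collapsing '..' segments, is not under BROWSER_TEMP."""
    path = PureWindowsPath(ntpath.normpath(raw_path))
    # PureWindowsPath compares case-insensitively, as Windows does.
    return path != BROWSER_TEMP and BROWSER_TEMP not in path.parents


def is_executable(raw_path):
    return PureWindowsPath(raw_path).suffix.lower() in EXECUTABLE_SUFFIXES


def flag_exploits(events):
    """Map each suspect URL to the executables its visit created outside the temp folder."""
    flagged = {}
    for url, raw_path in events:
        if is_executable(raw_path) and outside_temp(raw_path):
            flagged.setdefault(url, []).append(ntpath.normpath(raw_path))
    return flagged


# Constructed file-creation records: (URL being visited, file created).
SAMPLE_EVENTS = [
    ("http://site-a.example/", r"C:\Users\monkey\Temporary Internet Files\Content.IE5\AB12\banner.gif"),
    # Cached inside the temp folder (different case): not a signal.
    ("http://site-a.example/", r"c:\users\MONKEY\temporary internet files\Content.IE5\AB12\setup.exe"),
    ("http://site-b.example/", r"C:\WINDOWS\system32\dropped.exe"),
    # '..' escapes the temp folder, so normalisation must happen before the check.
    ("http://site-b.example/", r"C:\Users\monkey\Temporary Internet Files\..\Start Menu\Programs\Startup\run.scr"),
    ("http://site-c.example/", r"C:\Users\monkey\Desktop\notes.txt"),
]

if __name__ == "__main__":
    for url, files in flag_exploits(SAMPLE_EVENTS).items():
        print(url, "->", files)
```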
August 8th, 2005 07:55 AM
I wondered when someone was gonna do this... Pretty interesting read. I wonder if there is a safe way that people could participate in this, like the SETI project.
The fool doth think he is wise, but the wiseman knows himself to be a fool - Good Ole Bill Shakespeare
August 8th, 2005 10:01 AM
August 8th, 2005 04:02 PM
It seems like our friends over at SANS are trying to do a similar thing:
Handlers Diary August 6th 2005
It's pretty obvious that a lot of the malware these days arrives hidden behind a URL in an e-mail or an instant message. We would like to start collecting these URLs, and explore some automated methods to validate them and maybe report them.
This project is in 'pre beta' now, and any help is appreciated. The plan is to download any content from these URLs, and maybe one or two links down, run it through a virus checker for known 'bad stuff' and keep monitoring them for changes.
The URL (non malicious ;-) ) to report URLs is: http://isc.sans.org/urlcheck.php
Things I am looking for:
- scripts to extract URLs from spam (or regular email)
Ultimately, a list of verified malicious URLs will be made available. I also hope to release the 'check' script to distribute the checking of URLs.
August 10th, 2005 04:56 AM
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
August 13th, 2005 11:40 PM
And after a few more days nearly 800 pages on 287 sites.. I am surprised that the number of hits isn't higher.. or are they searching the wrong "darkside" of the net... read the story from Security Focus
[edit] Dickhead alert.. I thought I had checked Zen's link.... but now I notice mine is exactly the same.. sorry Zen [/edit]
"Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
August 14th, 2005 12:14 AM
That's what I was wondering about. I can randomly click links and probably get a higher #. Just seems too low to be effective in the amount of time they took.