Results 1 to 7 of 7

Thread: The HoneyMonkey

  1. #1
    Senior Member
    Join Date
    Dec 2004
    Posts
    3,171

    The HoneyMonkey

    This might have been posted before but I couldn't find it...

    "The monkey launches a browser instance for each suspect URL and waits for a few minutes. The monkey is not set up to click on any dialog box to permit installation of any software; consequently, any executable files that get created outside the browser's temporary folder are detected by the [data recorder] and signal an exploit," Wang said.
    http://www.eweek.com/article2/0,1759...119TX1K0000594
    Microsoft Unwraps HoneyMonkey Detection Project

    Eg

  2. #2
    Senior Member
    Join Date
    Dec 2004
    Posts
    320
    I wondered when someone was gonna do this... Pretty interesting read. I wonder if there is a safe way that people could participate in this, like the seti project.
    The fool doth think he is wise, but the wiseman knows himself to be a fool - Good Ole Bill Shakespeare

  3. #3
    Senior Member
    Join Date
    Jan 2003
    Posts
    1,499
    mmmmm, monkey.

  4. #4
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    It seems like our friends over at SAN's are trying to do a similar thing:

    Its pretty obvious, that a lot of the malware these days arrives hidden behind a URL in an e-mail or an instant message. We would like to start collecting these URLs, and explore some automated methods to validate them and maybe report them.

    This project is in 'pre beta' now, and help any is appreciated. The plan is to download any content from these URLs, and maybe one or two links down, run it through a virus checker for known 'bad stuff' and keep monitoring them for changes.

    The URL (non malicious ;-) ) to report URLs is: http://isc.sans.org/urlcheck.php .

    Things I am looking for:
    - scripts to extract URLs from spam (or regular email)
    - any regular expressions someone may have to look for malicious javascript


    Ultimatly, a list of verfied malicious URLs will be made available. I also hope to release the 'check' script to distribute the checking of URLs.
    Handlers Diary August 6th 2005

    Cheers:
    DjM

  5. #5
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  6. #6
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    And after afew more days nearly 800 pages on 287 sites.. I am suprised that the number of hits isnt higher.. or are they searching the wrong "darkside" of the net... read the story from Security Focus

    [edit] Dickhead alert.. I thought I had checked Zens link.... but now I notice mine is exactly the same.. sorry Zen [/edit]
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  7. #7
    Thats what i was wondering about. I can randomly click links and probably get a higher #. Just seems too low to be effective in the amount of time they took.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •