-
August 8th, 2005, 06:52 AM
#1
The HoneyMonkey
This might have been posted before but I couldn't find it...
"The monkey launches a browser instance for each suspect URL and waits for a few minutes. The monkey is not set up to click on any dialog box to permit installation of any software; consequently, any executable files that get created outside the browser's temporary folder are detected by the [data recorder] and signal an exploit," Wang said.
http://www.eweek.com/article2/0,1759...119TX1K0000594
Microsoft Unwraps HoneyMonkey Detection Project
Eg
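The detection rule Wang describes in the quote above, sketched as an added example that is not part of the original post or Microsoft's code. The profile name, temp-folder roots, extension list and event format are assumptions made for illustration:

```python
import ntpath  # Windows path rules, usable on any OS

# Assumptions for this sketch (not from the article): the profile name "monkey",
# the temp/cache roots, the extension list and the event format.
PROFILE = r"C:\Documents and Settings\monkey\Local Settings"
TEMP_ROOTS = [PROFILE + r"\Temporary Internet Files", PROFILE + r"\Temp"]
EXEC_EXTS = {".exe", ".dll", ".scr", ".com", ".sys", ".bat", ".cmd", ".pif"}

def _norm(path):
    # Collapse ".." segments and fold case/separators before comparing,
    # so "Temp\..\..\Startup\x.exe" is not mistaken for a temp-folder path.
    return ntpath.normcase(ntpath.normpath(path))

def _inside(path, root):
    p, r = _norm(path), _norm(root)
    return p == r or p.startswith(r + "\\")  # separator stops "Temp" matching "TempX"

def is_exploit_signal(event):
    """True for an executable created (or renamed into place) outside the temp roots."""
    if event["op"] not in ("create", "rename"):
        return False
    if ntpath.splitext(_norm(event["path"]))[1] not in EXEC_EXTS:
        return False
    return not any(_inside(event["path"], root) for root in TEMP_ROOTS)

def scan_visit(url, events):
    hits = [e["path"] for e in events if is_exploit_signal(e)]
    return {"url": url, "exploit": bool(hits), "files": hits}

# Constructed sample: file events recorded while one URL was open, no dialogs clicked.
SAMPLE_EVENTS = [
    {"op": "create", "path": PROFILE + r"\Temporary Internet Files\Content.IE5\AB12\setup[1].exe"},
    {"op": "create", "path": r"C:\Documents and Settings\monkey\Desktop\page.htm"},
    {"op": "create", "path": r"C:\WINDOWS\system32\msupd.dll"},
    {"op": "create", "path": PROFILE + r"\Temp\..\..\Start Menu\Programs\Startup\upd.exe"},
    {"op": "create", "path": PROFILE + r"\TempX\drop.exe"},
    {"op": "read", "path": r"C:\WINDOWS\notepad.exe"},
]

if __name__ == "__main__":
    print(scan_visit("http://suspect.example/", SAMPLE_EVENTS))
```

Only the three executables that land outside the temp roots are reported; the cached download, the HTML file and the read of an existing binary are ignored.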
-
August 8th, 2005, 07:55 AM
#2
I wondered when someone was gonna do this... Pretty interesting read. I wonder if there is a safe way that people could participate in this, like the seti project.
The fool doth think he is wise, but the wiseman knows himself to be a fool - Good Ole Bill Shakespeare
-
August 8th, 2005, 10:01 AM
#3
-
August 8th, 2005, 04:02 PM
#4
It seems like our friends over at SANS are trying to do a similar thing:
It's pretty obvious that a lot of the malware these days arrives hidden behind a URL in an e-mail or an instant message. We would like to start collecting these URLs, and explore some automated methods to validate them and maybe report them.
This project is in 'pre beta' now, and any help is appreciated. The plan is to download any content from these URLs, and maybe one or two links down, run it through a virus checker for known 'bad stuff' and keep monitoring them for changes.
The URL (non malicious ;-) ) to report URLs is: http://isc.sans.org/urlcheck.php .
Things I am looking for:
- scripts to extract URLs from spam (or regular email)
- any regular expressions someone may have to look for malicious javascript
Ultimately, a list of verified malicious URLs will be made available. I also hope to release the 'check' script to distribute the checking of URLs.
Handlers Diary August 6th 2005
Cheers:
-
August 10th, 2005, 04:56 AM
#5
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
-
August 13th, 2005, 11:40 PM
#6
And after a few more days nearly 800 pages on 287 sites.. I am surprised that the number of hits isn't higher.. or are they searching the wrong "darkside" of the net... read the story from Security Focus
[edit] Dickhead alert.. I thought I had checked Zen's link.... but now I notice mine is exactly the same.. sorry Zen [/edit]
"Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
-
August 14th, 2005, 12:14 AM
#7
That's what I was wondering about. I can randomly click links and probably get a higher #. Just seems too low to be effective in the amount of time they took.