Web crawling for malware with a Honeypot
In our daily quest for malware, we use different tools, though my favourite one remains a custom Honeypot we deployed about a year ago.
The great thing about Honeypots is that they can be totally automated and deployed on a large scale. Think of a Honeypot as a bait machine, or a trap. It is meant to behave just like a regular computer and to interact with the requests it receives. We want to give malware authors the illusion that we are in a weak position and ready to be compromised. What they don’t know is that we are in fact listening and logging information, as well as protecting ourselves from getting infected.
The result is that we are able to detect malicious web pages as well as what type of malware they are trying to push. We download the malware for further analysis and add the malicious sites to a blacklist.
Our Honeypots are constantly crawling the web so that we can detect infected web pages in real time, before the end user does.
Below is one machine hard at work, collecting honey.

Jerome




