HoneyPot Workflow

July 29th, 2009

As mentioned in a previous post, our HoneyPots look for exploits with the most common browsers (and plugins).

We generate a pool of URLs refreshed every day, as well as get incoming spam URLs in real time.

An array of machines process those URLs. Every time a malicious URL is found, it gets added to our blacklist.

URLs on the blacklist are verified every hour to make sure the content:

- is the same
- has a different payload
- no longer is there

Jerome Segura

This entry was posted on Wednesday, July 29th, 2009 at 12:10 pm and is filed under Research. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Comments:

(0) comments
|
Add your comments