New feature added to the HoneyPot
Our HoneyPot was missing an important feature, given that many (if not most) malicious websites use PHP to serve their payload.
Up until now, our HoneyPot was only looking for pure exploits in:
- browser
- flash
- pdf
- quicktime
- java
However, a large number of malware files are downloaded using PHP.
Here is this new feature in action:
Rogue installer:
2009.10.30 10:27:37 -08:00 Pacific Standard Time,"smarttestdrive.com/download.php","smarttestdrive.com/install.exe"
Malicious PDF:
2009.10.30 10:31:40 -08:00 Pacific Standard Time,"erorr.net/pdf.php","erorr.net/asdfgh.pdf"
This will come in handy for our upcoming URL clearing house.
Jerome Segura
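
An added example (not from the original post or the HoneyPot's own code): a parser for log records in the format shown above, which converts the timestamp to UTC and tags each PHP-served download by payload type. The extension map, the output field names and the sample hosts are assumptions made for illustration.

```python
import csv
import posixpath
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Assumed extension-to-category map; the categories mirror the exploit types listed in the post.
PAYLOAD_TYPES = {".exe": "executable", ".pdf": "pdf", ".swf": "flash",
                 ".jar": "java", ".mov": "quicktime"}
# Accept typographic quotes too: logs copied through a blog or word processor often carry them.
QUOTES = str.maketrans({"\u201c": '"', "\u201d": '"'})


def split_url(url):
    """Return (host, lowercase extension) for a URL logged with or without a scheme."""
    parts = urlsplit(url if "://" in url else "//" + url)
    ext = posixpath.splitext(parts.path)[1].lower()
    return (parts.hostname or "").lower(), ext


def parse_line(line):
    """Parse one 'timestamp,"landing","payload"' record; raise ValueError if malformed."""
    row = next(csv.reader([line.translate(QUOTES)]), [])
    if len(row) != 3:
        raise ValueError(f"expected 3 fields, got {len(row)}")
    stamp, landing, payload = row
    # Keep date, time and numeric offset; the trailing zone name is redundant.
    when = datetime.strptime(" ".join(stamp.split()[:3]), "%Y.%m.%d %H:%M:%S %z")
    landing_host, landing_ext = split_url(landing)
    payload_host, payload_ext = split_url(payload)
    return {
        "utc": when.astimezone(timezone.utc).isoformat(),
        "landing": landing,
        "payload": payload,
        "php_downloader": landing_ext == ".php",
        "payload_type": PAYLOAD_TYPES.get(payload_ext, "unknown"),
        "cross_host": landing_host != payload_host,
    }


# Constructed sample records in the log format shown above (not real honeypot data).
SAMPLE = [
    '2009.10.30 10:27:37 -08:00 Pacific Standard Time,\u201dsite-a.example/download.php\u201d,\u201dsite-a.example/install.exe\u201d',
    '2009.10.30 10:31:40 -08:00 Pacific Standard Time,"site-b.example/pdf.php","cdn.site-b.example/doc.pdf"',
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_line(line))
```

The `cross_host` flag marks records where the PHP page hands the download off to a different host, which is useful when grouping entries for blocklisting.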