Malware Honeypot Projects Merge
rebvend writes "eWeek is reporting that two of the biggest honeypot projects (mwcollect and nepenthes) have merged operations. A new meta-portal at mwcollect.org will become a top-level community covering malware collection efforts while nepenthes will become the official tool for malware collection."
All that you really want is to emulate an opening enough to encourage a cracker/worm to show itself and what the attempt is. If you use Windows, there will be back doors that will be unknown and the honeypot will most likely be cracked. Something like *bsd or *nix is needed.
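A minimal illustration of that idea, added here as example code and not something from this thread or from the nepenthes/mwcollect projects: a low-interaction listener that presents a fake service banner, reads whatever the remote side sends (capped in size and time), and records a log entry with the peer address, byte count, a SHA-256 of the payload and a short preview. The banner text and the hostname `smtp.example.test` are constructed placeholders; `local_probe` exists only so the listener can be exercised against itself on localhost.

```python
import hashlib
import socket
import threading
from datetime import datetime, timezone

# Constructed placeholder banner: enough of an "opening" to make a scanner
# or worm believe a real service answered, without implementing one.
BANNER = b"220 smtp.example.test ESMTP ready\r\n"


def record_attempt(peer, payload):
    """Summarize one connection attempt as a plain dict suitable for logging."""
    return {
        "time": datetime.now(timezone.utc).isoformat(),
        "src": f"{peer[0]}:{peer[1]}",
        "bytes": len(payload),
        "sha256": hashlib.sha256(payload).hexdigest(),
        # latin-1 never fails to decode, so binary junk still yields a preview
        "preview": payload[:64].decode("latin-1"),
    }


def handle_connection(conn, addr, records, max_bytes=4096, timeout=2.0):
    """Send the fake banner, capture up to max_bytes, then close and log."""
    conn.settimeout(timeout)
    chunks, total = [], 0
    try:
        conn.sendall(BANNER)
        while total < max_bytes:
            try:
                data = conn.recv(1024)
            except socket.timeout:
                break  # peer went quiet; keep what we have
            if not data:
                break  # peer closed
            chunks.append(data)
            total += len(data)
    finally:
        conn.close()
    rec = record_attempt(addr, b"".join(chunks))
    records.append(rec)
    return rec


def start_honeypot(host="127.0.0.1", port=0, max_conns=1):
    """Bind a listener and handle up to max_conns connections in a background
    thread. Returns (bound_port, records, thread); records fills as peers arrive.
    port=0 lets the OS pick a free port, which keeps local runs conflict-free."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(5)
    records = []

    def loop():
        try:
            for _ in range(max_conns):
                conn, addr = srv.accept()
                handle_connection(conn, addr, records)
        finally:
            srv.close()

    t = threading.Thread(target=loop, daemon=True)
    t.start()
    return srv.getsockname()[1], records, t


def local_probe(port, payload, host="127.0.0.1"):
    """Connect to the listener on localhost, read the banner, send payload,
    close. Used only to exercise the listener locally; returns the banner."""
    with socket.create_connection((host, port), timeout=5) as c:
        banner = c.recv(1024)
        c.sendall(payload)
    return banner


if __name__ == "__main__":
    port, records, t = start_honeypot(max_conns=1)
    local_probe(port, b"EHLO attacker\r\n")  # constructed sample input
    t.join(5)
    for r in records:
        print(r)
```

Everything a real deployment would add (persisting the records, listening on the address a scanner would actually reach, emulating more of the protocol) sits on top of this shape; the point is that the listener never executes what it receives, it only records it.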
I prefer the "u" in honour as it seems to be missing these days.
It was inevitable...they couldn't resist each other.
What Is Strider "HoneyMonkey"? is a different take on the problem. /. reported on the project... http://it.slashdot.org/article.pl?sid=05/05/18/2240222
"Academicians are more likely to share each other's toothbrush than each other's nomenclature."
Cohen
Back in 200[23], I was doing commercial (and federal) network manipulations on OC-48s (and other lines). One of my ideas was to use our high-speed tool to track all the packets as they went into a "honeypot". We were going to use vmware on top of a modified linux. It made sense to go after malware on x86 (x86 accounts for more than 99% of the malware). Once we knew the exact signature of the unencrypted packets going back, we would simply replay this back on other points. The idea was to have a number of honeypots to obtain the signatures, but once we had the signatures, we could then do packet/stream manipulations while blocking anything coming in. Basically, we could use this to track who was on the net and where they were originating from while mitigating the damage. Sadly, we got side-tracked on the federal systems so we did not do this work.
[bob@honeypot: ~]$ touch /home/bob/.wine/drive_c/windows/system32/ntdll.dll
I make websites and stuff. Buy one.