Tuesday, January 1, 2008

WASC's Distributed Open Proxy Honeypot Project

Via InfoWorld.com -

An innovative malware honeypot project backed by a leading consortium of IT security experts is preparing to re-launch its global sensor network after Jan. 1 in an effort to dupe more cyber-criminals into handing over information about their latest attack methods.

After its initial 11 months of data collection, the project undertook the month-long hiatus to give project researchers more time to examine results and plan for the year ahead.

In addition to tweaking their tactics for tracking and luring malware distributors in 2008, WASC project leaders said they are also planning to add new honeypots to their existing network, which already spans locations in Europe, Russia, South America, and the United States.

Unlike more traditional OS-level or SMTP-based honeypot applications -- systems designed to collect individual malware samples for subsequent examination by anti-virus researchers -- the WASC project utilizes a network of 14 specially-configured open proxy servers (or proxypots) to monitor traffic for nefarious activities carried out by everyone from botnet herders to adware purveyors.

Traditional honeypots have proven useful for tracking widespread computer viruses and allowing AV companies to produce the signature files needed to protect machines against infection, but those targets are ill-suited to provide the level of real-time intelligence needed to protect against today's fast-moving customized threats, said Ryan Barnett, the WASC project's leader.

By serving up an unprotected open proxy server to the larger Internet, and thereby advertising itself as exactly the type of anonymous conduit that attackers seek out to distribute their work -- rather than merely an undefended computer -- the effort is already garnering new insight into cyber-criminals' methods, he said.

Barnett, who is also director of application security training at Breach Security and an instructor for the SANS Institute, said that despite being pleased with the project's initial ability to identify attacks and test ways to thwart malware campaigns further upstream, he is hoping that 2008 will provide even greater rewards.
