To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
---------- Forwarded message ----------
Date: Thu, 21 Sep 2006 22:32:45 GMT
From: Fergie <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: [funsec] Whitepaper: The Nepenthes Platform: An Efficient Approach to Collect Malware
From Thorsten Holz and the good folks over at Honeyblog.
[abstract]
Up to now, there is little empirically backed quantitative and
qualitative knowledge about self-replicating malware publicly
available. This hampers research in these topics because many
counter-strategies against malware, e.g., network- and host-based
intrusion detection systems, need hard empirical data to take full effect.
We present the nepenthes platform, a framework for large-scale
collection of information on self-replicating malware in the wild. The
basic principle of nepenthes is to emulate only the vulnerable parts of
a service. This leads to an efficient and effective solution that
offers many advantages compared to other honeypot-based solutions.
Furthermore, nepenthes offers a flexible deployment solution, leading
to even better scalability.
Using the nepenthes platform we and several other organizations were
able to greatly broaden the empirical basis of data available about
self-replicating malware and provide thousands of samples of previously
unknown malware to vendors of host-based IDS/anti-virus systems. This
greatly improves the detection rate of this kind of threat.
[snip]
Final paper:
http://honeyblog.org/junkyard/paper/collecting-malware-final.pdf
- ferg
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
All list and server information are public and available to law enforcement
upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets