Mapping Drive-By-Downloads With Client Honeypots presented at KiwiCon 2008

by Pk (VUW)

Tags: Security

Summary: The School of Mathematics, Statistics and Computer Science at VUW has developed some open source technologies for detecting drive-by-downloads. These are Capture-HPC and the Microsoft XP behavioural analysis tool Capture-BAT, hosted on the Honeynet Alliance at https://projects.honeynet.org/capture-hpc, and honeyc, a low-interaction client honeypot system, at https://projects.honeynet.org/honeyc/. We are developing these tools further, have used them for over a year to detect malicious web content delivered as drive-by-downloads, and are performing a number of studies, which will be outlined.