April 27, 2005
Oops, Did You Mean To Type 'google'?
Next time you try to access Google, be careful how you type. This article in eWeek points out that typing 'googkle' instead of 'google' lands you at a malicious site that then attempts to install beasties such as backdoors and trojan droppers on your host.
I say the attackers/typosquatters are extremely enterprising, and evil to do this. I wonder what their motives are? Surely, there's money being made on their end. It used to be that if you mistyped certain domains, you'd just get porn, but this is definitely another step up. And, IMHO, another reason why we need honeyclients to help with finding sites like this, and warning the public, before they get a chance to do much damage.
Posted by Kathy at 06:29 PM | Comments (0)
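As an added example (not part of the original post or of any honeyclient tool), this Python sketch flags hostnames in a proxy log that are one keystroke away from a watched domain, the way 'googkle' is from 'google', so they can be queued for a honeyclient visit. The watched list, the sample hostnames, and the simplified QWERTY neighbour map are assumptions made for illustration.

```python
# Approximate QWERTY neighbours: same-row and diagonal keys, letters only.
ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]
ADJ = {}
for r, row in enumerate(ROWS):
    for c, ch in enumerate(row):
        ADJ[ch] = {ROWS[rr][cc]
                   for rr in range(max(r - 1, 0), min(r + 2, len(ROWS)))
                   for cc in range(max(c - 1, 0), min(c + 2, len(ROWS[rr])))
                   if (rr, cc) != (r, c)}

def classify(observed, watched):
    """Return the one-keystroke typo class turning `watched` into `observed`, or None."""
    o_label, _, o_rest = observed.lower().partition(".")
    w_label, _, w_rest = watched.lower().partition(".")
    if o_rest != w_rest or o_label == w_label:
        return None  # different parent domain, or an exact match
    if len(o_label) == len(w_label) + 1:      # one extra keystroke
        for i, ch in enumerate(o_label):
            if o_label[:i] + o_label[i + 1:] == w_label:
                beside = o_label[max(i - 1, 0):i] + o_label[i + 1:i + 2]
                if ch in beside:
                    return "repeated key"
                if any(ch in ADJ.get(b, ()) for b in beside):
                    return "adjacent-key insertion"
                return "insertion"
    elif len(o_label) == len(w_label) - 1:    # one missed keystroke
        if any(w_label[:i] + w_label[i + 1:] == o_label for i in range(len(w_label))):
            return "omission"
    elif len(o_label) == len(w_label):
        diff = [i for i in range(len(w_label)) if o_label[i] != w_label[i]]
        if len(diff) == 1:
            i = diff[0]
            return ("adjacent-key substitution"
                    if o_label[i] in ADJ.get(w_label[i], ()) else "substitution")
        if (len(diff) == 2 and diff[1] == diff[0] + 1
                and o_label[diff[0]] == w_label[diff[1]]
                and o_label[diff[1]] == w_label[diff[0]]):
            return "transposition"
    return None

def triage(domains, watched):
    """List (domain, watched domain, typo class) for look-alike hostnames."""
    return [(d, w, kind) for d in domains for w in watched
            if (kind := classify(d, w))]

# Constructed sample of hostnames, as they might appear in a proxy log.
SAMPLE = ["google.com", "googkle.com", "gogle.com", "goolge.com", "example.org"]
```

A match only says the name looks like a typo; whether the site behind it is malicious is what the honeyclient visit is for.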
April 20, 2005
Why We Need Honeyclients
This article talks about how attackers are now using fake weblogs to entice users to click on certain links. Once those links are accessed, malware such as keyloggers and trojans is uploaded to the victim host from the malicious server. In this article, users are social-engineered into clicking on the link, which starts the malware upload to their machines. However, the attack could certainly be done in such a way that users only need to access the site to become infected, all without clicking on a single URL on that site.
This server-to-client attack cannot be detected using traditional honeypots. Traditional honeypots are passive devices which do not actively hit sites for data. Honeyclients, however, can be deployed to detect and warn of such malicious servers, because honeyclients are designed to actively access those servers. If we hope to better detect new server-to-client 0-day attacks, we need to actively look for those servers.
Posted by Kathy at 10:24 PM | Comments (0)
RECON 2005 Talk on Honeyclients
My talk on using honeyclients to discover new attacks has been accepted for RECON 2005, which takes place in Montreal from June 17-19. I'm very excited to be presenting at RECON, and am looking forward to talking to other people about the honeyclient idea.
As part of the RECON talk, a BSD-licensed honeyclient tool will be released. Stay tuned for the download!
Posted by Kathy at 10:15 PM | Comments (0)