« April 2005 | Main | June 2005 »
May 30, 2005
A New Business Model?
How could it be that a company in Russia is building a business around infecting other people's machines? 'No way!', you say. Well, this article from Information Week has the details.
This Russian company (which I will not link directly to) supplies one-line exploit code to other sites, who then get paid $0.06 per machine that is infected with that exploit code, which installs at least spyware and adware.
Interesting insight: I was testing my honeyclient implementation, and decided to access this Russian site to see if I could somehow download that exploit code to research. It turns out that the information they wanted from me is quite extensive. I mean, there's no way I'm giving them my address, phone number, etc., just so they can contact me to 'talk business'. So, in case you were wondering, they don't make it easy to obtain that exploit code.
It would be interesting to see with honeyclients if all the sites that work with this Russian company can be found via the way they would uniquely try and exploit IE and Windows 2K/XP. At least, that's what I'm assuming the exploit code targets.
Posted by Kathy at 04:23 PM | Comments (0)
May 18, 2005
Microsoft's Honeyclient Project
According to this Slashdot post, Microsoft has their own version of a honeyclient, which they call 'honeymonkeys'. I have to say, that's a cute moniker.
More importantly, though, this goes to show that it's becoming increasingly important to actively seek out the bad HTTP servers proactively. This will help to develop a better sense of situational awareness, which is where I think the future of information security is headed. I think folks are finally getting sick of constant reactive problem-solving, and this includes Microsoft.
Posted by Kathy at 08:21 PM | Comments (0)