« July 2005 | Main | September 2005 »
August 05, 2005
Microsoft Releases Technical Paper on HoneyMonkeys
Microsoft released a technical paper, entitled Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploit Browser Vulnerabilities. The paper can be downloaded here.
I read the paper and thought it was very interesting. 'HoneyMonkeys' is Microsoft's term for what I call 'Honeyclients'. Anyhow, the term doesn't matter much - it's essentially the same concept. Reading Microsoft's paper, it was good to see that the more patched versions of Windows XP were less susceptible to malicious sites.
I suspect that very few attackers are even aware of honeyclient technology at this point. It will be interesting to see what type of 'arms race' is coming down the pipeline as attackers become more aware of honeyclient technology. I'm envisioning more verification by the malicious sites of whether the client is driven in an automated fashion. How about active content malicious sites? It will be challenging to integrate automated mouse clicks within the honeyclient architecture, but is there any other way to detect these types of links?
Posted by Kathy at 09:01 PM | Comments (0)