Know Your Enemy: Containing Conficker

The Honeynet Project is excited to announce the release of Know Your Enemy: Containing Conficker. In this paper we present several potential methods to contain Conficker. The approaches presented take advantage of the way Conficker patches infected systems, which can be used to remotely detect a compromised system. Furthermore, we demonstrate various methods to detect and remove Conficker locally and a potential vaccination tool is presented. Read more »

Detecting and Containing Conficker - Management Overview

The Honeynet Project is very excited to announce a new scanning tool for detecting Conficker and an upcoming Know Your Enemy paper detailing how to contain Conficker. Both the paper and the tool have been developed by Honeynet Project members Tillmann Werner and Felix Leder. The tool was developed over the weekend, in co-ordination with Dan Kaminsky, and this tool is now publicly available and is in the process of being integrated into most major vulnerability scanning tools, including Nmap Read more »

Detecting Conficker

As you know, bad things are going to happen on April 1st: people will be sending out emails to their friends, telling silly jokes and putting MTAs under a higher load. Besides that (but not quite that bad), Conficker will activate its domain name generation routine to contact command-and-control servers. We have been researching this piece of malware recently, with a focus on how to detect Conficker-infected machines. Felix and I had a discussion with Dan Kaminsky about the possibilities to actively detect Conficker and wrote a scanner for this task. Read more »

GSoC Applications

Folks, just a friendly reminder that the Honeynet Project is actively seeking and taking students for the annual Google Summer of Code.  If you are interested in information security, open source and learning from some extremely talented developers in this area, then this is the place for you.  We currently have eight project ideas, but we are open to any suggestions or ideas you may have.  Learn more at our Honeynet Project GSoC Ideas Page.  Applications close on Friday, 03 April so you only have one week left. Read more »

GSoC Mentoring Organization

We are excited to announce that the Honeynet Project has been selected by Google to be a mentoring organization for their annual Google Summer of Code project. Our team of volunteers is very excited about this and looks forward to working with and helping mentor students around the world about honeypot technologies. To learn more about the different projects you can work with us on, please take a moment to review our IDEAS PAGE. If you will be submitting an application, your best chance to be selected is to take your tim Read more »

Google Summer of Code

We are very excited to announce the Honeynet Project has applied for the Google Summer of Code for 2009. Read more »

Annual Honeynet Workshop

Once a year the Honeynet Project brings together members from around the world for a one week workshop on honeypot research, development and deployments.  This year's event was hosted and sponsored by the International Multilateral Partnership Against Cyber-Threats (IMPACT), a public-private alliance against cyber threats.  The event was held in IMPACT's facilities based in Cyberjaya, Malaysia.  Without a doubt, this was our most successful and productive workshop ever.  We had over twenty countries and organizations represented, all dedicat Read more »

Speaking Waledac

While it seems to be impossible to say whether waledac is the successor of storm or not, what we can do is take a look at the traffic encryption. The guys over at Shadowserver have already blogged some details about this. We at the Giraffe Chapter investigated waledac's communication protocol further. Here are our results. Read more »

Waledac is wishing merry christmas

There is a new bot in town. It's called Waledac. The way it is spreading reminds a lot of people of the good old storm botnet: An email is sent containing a "christmas card" in form of the executable "postcard.exe".
A preliminary view on the binary has been given by the Shadowserver guys (Steve Adair).

I had the chance to have a first look at the binary (MD5 ccddda141a19d693ad9cb206f2ae0de9) and want to note down some of my few findings to let the hunt begin. Read more »

Annual Honeynet Project Workshop

Once a year the Honeynet Project brings together members from around the world for a one week workshop on honeypot research, development and deployments. We are excited that for this year's event the workshop will be sponsored and hosted by the International Multilateral Partnership Against Cyber-Threats (IMPACT), a public-private alliance against cyber threats. IMPACT is based in Cyberjaya, Malaysia. We are very excited for this opportunity as it will be the first time we have hosted the event in Asia. We would like to thank IMPACT for t Read more »
