Honeynet Annual Workshop has kicked off
29 Apr 2010 Jamie Riden workshop
The 2010 Honeynet Workshop has kicked off, in the wonderful surroundings of UNAM, Mexico City. Many thanks to our hosts!
Today, Steven Adair from Shadowserver informed us about a new piece of malware that looks like a new version of the infamous Storm Worm. Storm was one of the first serious peer-to-peer botnets; it was sending out spam for more than two years until its decline in late 2008. Mark Schloesser, Tillmann Werner, Georg Wicherski, and I ([Stormfucker](http://www.h-online.com/security/news/item/Storm-Worm-botnet-cracked-wide-open-739607.html)) did some work on how to take down Storm back then, so the rumors about a new version caught our interest. Mark, Tillmann, and I started to take the sample apart, and it looks very much like Storm indeed. It even uses the same configuration file, stored under C:\WINDOWS\herjek.config (the same filename as used by the last Storm version), but as the command-and-control channel has been replaced with an HTTP-based version, there is no peer list included anymore. When we looked at it, it just contained two lines:
After a few slow days for student applicants everywhere, and some difficult decisions on the final slot allocations for our mentors, the long wait is finally over and the GSoC 2010 official student selections are public. The Honeynet Project are very excited to have received 17 GSoC slots this year (up from 9 last year), so many thanks to Google for their fantastic support again this year.
We hope that this summer will see significant development on both low and high interaction honeypots, as well as with supporting tools. During the next few weeks of the community bonding period we’ll be helping our students and mentors prepare for their projects and engage with our members. Once development officially begins on May 24th we’ll be having regular blogs here from all of our students again, along with regular summaries of progress on our GSoC projects.
Folks, we have decided to extend the submission deadline of the Forensic Challenge 2010/3 - “Banking Troubles” for another week (deadline is now April 26th 2010.) Seems like this challenge is a bit tougher and we would like to give you all the opportunity to submit your results. For those folks that have already submitted, you can resubmit via the web form in case you would like to make changes to your solution. The Forensic Challenge 2010/3 can be accessed here: https://honeynet.org/challenges/2010_3_banking_troubles.
Student applications for Google Summer of Code 2010 closed at 19:00 UTC tonight, with the usual last minute rush of submissions (but thankfully no timezone confusion this time). We had thought that receiving three student applications in the final minute, including one with 8.4 seconds to spare was cutting it close, but Plan9 apparently had one lucky applicant with 1.23 seconds remaining on the clock! That must set a new GSoC record… ;-)
On March 29th Google officially began accepting applications from students for Google Summer of Code 2010, which the Honeynet Project is very excited to be participating in again this year as a mentoring organisation. We’ve recently updated our project ideas page and mentor information and students have until 19:00 UTC on Friday April 9th to apply (you can either choose one of our ideas or propose your own).
If you are interested in applying to be a student and you haven’t already said hello on #gsoc-honeynet on irc.freenode.net then please pop by if you have any questions. Most people find speaking to a project mentor before they apply helps them understand more about what is required to write a good application and we are always happy to answer questions (although please remember that since our members come from chapters all round the world it might take a few hours for someone to respond).
Challenge 3 of the Honeynet Project Forensic Challenge - titled “Banking Troubles” - is now online and we invite you to participate. Challenge 3 - provided by Josh Smith and Matt Cote from The Rochester Institute of Technology Chapter, Angelo Dell’Aera from the Italian Chapter and Nicolas Collery from the Singapore Chapter - is a bit different from our previous challenges in that we do not ask you to analyze a pcap network trace, but rather a memory image from a virtual machine. This should make for an interesting challenge!
Much to the excitement of students all around the world, tonight Google officially announced which mentor organisations have been accepted for Google Summer of Code (GSoC) 2010, and the Honeynet Project are delighted to have been selected as one of 151 such mentoring organisations! You can view the full list here:
http://socghop.appspot.com/gsoc/program/accepted_orgs/google/gsoc2010
Fingers crossed that with Google’s continued support we’ll have the chance to once again meet some very motivated students, create some exciting new projects and gain some great new members over the coming months.
Well, Google Summer of Code 2010 is now officially up and running, with the deadline for organisation applications closing 45 minutes ago. Happily the Honeynet Project’s application for GSoC 2010 was submitted on time, so all we can do now is sit back and wait until March 18th to find out if we are one of the lucky organisations selected this year.
In the meantime, you can find out more about The Honeynet Project’s hopefully successful organisation application in the GSoC 2010 section of our website. This includes background information, ideas for potential projects (although students are also free to propose their own), our student application form and how to get in touch with us if we are accepted by Google. You can also read more about the various successful projects from GSoC 2009 in this summary report.
Folks, it’s a frosty Tuesday morning in Seattle and the deadline for submissions to the forensic challenge 2010/2 “browsers under attack” has passed. We received a total of 34 submissions from folks all over the world. Nicolas from the Singapore chapter will be judging the submissions in the next few days. We will announce the top three winners on Monday, 22nd of March 2010. Alongside, we will post their submissions as well as our sample solution. Since we were using a web form for this challenge, we will not acknowledge receipt of each submission. If you are unsure whether your submission was successful, please email [email protected] and we can check the submission database. Also, if you have any suggestions on how to improve the forensic challenge, please let us know.