Honeypot

I was reading the latest copy of 2600 magazine yesterday. Most articles in this magazine are usually very interesting. However, I found one that hit the jackpot. It was “Capturing Botnet Malware Using a HoneyPot” by L0j1k. I have heard the term honeypot before, but I really did not get the concept until reading that article.

Basically, the idea is to install a fresh copy of Microsoft Windows. Then you customize the machine so that it looks like a real, in-use machine by doing things like setting the desktop wallpaper, adding some documents, and so on. You make the machine vulnerable by changing the passwords to the word "password". Finally, you connect the machine to the Internet and wait for it to be infected with botnet malware.

The goal of this exercise is to monitor and analyze the techniques used by botnet installers. At some point in the future you can unplug the infected machine from the network and see what types of nasty programs have been secretly installed. This sounds like a lot of fun. I am sure I can scrounge up an extra machine to use for this purpose.
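The "see what has been installed" step is a lot easier if you record what the machine looked like before you plugged it in. The script below is an added example for this post, not code from the 2600 article or from L0j1k. It takes a SHA-256 snapshot of every file under a directory, saves it as JSON so it can be kept off the honeypot, and later diffs a second snapshot against it to list files that were added, removed or modified. The assumed workflow is: snapshot the honeypot disk before it goes online, unplug the machine when you think it has been infected, then snapshot it again (for example with the disk mounted on a separate analysis host). The directory tree, file names and "infection" changes in `demo()` are constructed for the demonstration only.

```python
"""Baseline-and-diff check for a honeypot's file system (added example, not from the article)."""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Return the hex SHA-256 of a file, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict:
    """Map every regular file under root (path relative to root) to its SHA-256."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = Path(dirpath) / name
            # Skip symlinks and anything that is not a plain file (devices, sockets).
            if full.is_symlink() or not full.is_file():
                continue
            rel = full.relative_to(root).as_posix()
            result[rel] = sha256_file(full)
    return result


def diff_snapshots(before: dict, after: dict) -> dict:
    """Classify files as added, removed or modified between two snapshots."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    modified = sorted(p for p in set(before) & set(after) if before[p] != after[p])
    return {"added": added, "removed": removed, "modified": modified}


def save_snapshot(snap: dict, path: Path) -> None:
    """Write the baseline as JSON so it can be stored off the honeypot."""
    path.write_text(json.dumps(snap, indent=1, sort_keys=True))


def load_snapshot(path: Path) -> dict:
    """Read a baseline written by save_snapshot."""
    return json.loads(path.read_text())


def demo() -> dict:
    """Run the whole workflow on a constructed directory tree and return the diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "honeypot_disk"  # constructed stand-in for the honeypot's disk
        (root / "Windows" / "System32").mkdir(parents=True)
        (root / "Windows" / "Temp").mkdir(parents=True)
        (root / "Users" / "bob" / "Documents").mkdir(parents=True)
        (root / "Windows" / "System32" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "Users" / "bob" / "Documents" / "budget.xls").write_bytes(b"fake document")

        # Baseline taken before the machine is connected to the Internet.
        baseline_file = Path(tmp) / "baseline.json"
        save_snapshot(snapshot(root), baseline_file)

        # Constructed changes standing in for what an infection might leave behind:
        # an edited hosts file, a dropped binary, and a deleted document.
        (root / "Windows" / "System32" / "hosts").write_text(
            "127.0.0.1 localhost\n0.0.0.0 update.example\n"
        )
        (root / "Windows" / "Temp" / "dropped.exe").write_bytes(b"constructed payload")
        (root / "Users" / "bob" / "Documents" / "budget.xls").unlink()

        # Second snapshot taken after the machine has been unplugged.
        return diff_snapshots(load_snapshot(baseline_file), snapshot(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

Running the file prints the three lists for the constructed tree. Against a real honeypot you would call `snapshot()` on the mounted disk and `save_snapshot()` to removable media before going online; the diff only tells you where to look, so each added or modified file still needs to be examined by hand or with your usual analysis tools.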

I was thinking that I could take a more active approach to get bad programs installed on my computer. For example, I could search the Internet for evil programs that I could run on my machine. These are the ones that you normally want to avoid on your real machine. However, I figure I could expedite the installation of malware by doing this. Then I could isolate the machine and find out what type of hacks had occurred on my machine.

Thanks to L0j1k (http://www.l0j1k.net) for sharing such an informative and interesting article.