Counter-Botnetting: Honeypot @ Home

Here’s an idea for aspiring anti-botnet researchers:

Hook up with someone like the OpenBox creators or VMware and perhaps the guys at Malware Bytes. Create some Virtual Machine environments with all the security ripped out, that can be distributed with the intent of remotely (and deliberately) getting botnetted “in the wild”, but under controlled circumstances while running like one of those “@ Home” applications on volunteer systems.

One of the problems with today’s botnet infections is that the sheer size of the network they have to play with creates a security shield for the controllers.

I guess what I’m suggesting is to fight fire with fire: Virtual Machine Honey Pots (VMHPs, ‘vee-muhps’).

Don’t make it a user-interactive VM, so that it is a very controlled environment. Only run the guest operating system in “come and get me mode” for fairly short periods (half an hour to an hour). Because it’s not interactive, that limits what can go on inside, with the @ Home part of the app downloading instructions for what things to do. After it’s finished, it would switch to a scan-mode that can check for unexpected changes…

It could also help in triangulating/tracking the botnet controllers…
