Featured Research

from universities, journals, and other organizations

Malicious software: Hiding the honeypots

Date:
February 27, 2010
Source:
Inderscience Publishers
Summary:
Armies of networked computers that have been compromised by malicious software are commonly known as Botnets. Such Botnets are usually used to carry out fraudulent and criminal activity on the Internet. Now US computer scientists reveal that the honeypot trap designed to protect computers from Botnets are now vulnerable to attack because of advances in Botnet malware.

Armies of networked computers that have been compromised by malicious software are commonly known as Botnets. Such Botnets are usually used to carry out fraudulent and criminal activity on the Internet. Now, writing in the International Journal of Information and Computer Security, US computer scientists reveal that the honeypot trap designed to protect computers from Botnets are now vulnerable to attack because of advances in Botnet malware.

In the 1990s and early 2000s, viruses and worms were the main problems facing computer security experts, with the likes of Melissa, Love Letter, W32/Sircam, MyDoom, Netsky and Bagle familiar to anyone reading the computer press during that period. There has not been a major outbreak of a conventional computer virus or worm on the internet since the Sassar worm of May 2004. That is not because improvements in computer security have outstripped the skills of the virus writers but simply because the focus has shifted to taking control of computers invisibly. Instead of erasing information from hard drives or causing other mischief, compromised computers are recruited into Botnets that track keystrokes and steal usernames, passwords, and credit card details with criminal intent.

Cliff Zou and colleagues of the University of Central Florida in Orlando, explain that Botnets have become one of the major attacks on the internet today, allowing those that control them to take control of tens of thousands of computers and websites, steal credit card and banking information, send millions of spam emails, and infect other computers, all for illicit financial gain. Moreover, those in control of the most powerful Botnets even hire out computer time on these illegal systems to other criminals.

The self-propagating nature of a Botnet means that the underlying software is always attempting to infect new computers. This has allowed security experts to create "honeypot" traps -- unprotected computers with hidden monitoring software installed -- that attract Botnets and then extract data about the Botnet and the compromised computers it controls. Honeypots set up by security defenders thus become spies in exposing botnet membership and revealing Botnet attack behavior and methodology allowing security experts to find ways to block Botnet activity.

Zou and his team have now discovered that Botnet software could be developed to detect honeypots. Given that security defenders have an obligation to dis-arm their own honeypot computers so that they do not become active components of the Botnet, the malicious software could, they explain, simply detect such a honeypot during initial activity as it will not send back appropriate information. The Botnet would then either disable the honeypot computer or else simply ignore its existence and move on to the next target.

By revealing this vulnerability to the computer security industry and presenting possible guidelines for creating honeypots that might be undetectable, the team hopes to pioneer a way to trap and block Botnet software before the Botnet controllers are able to exploit this technical loophole in legitimate computer systems employing honeypots.

" Honeypot research and deployment still has significant value for the security community, but we hope this paper will remind honeypot researchers of the importance of studying ways to build covert honeypots, and the limitation in deploying honeypots in security defense," Zou says, "but all that effort will be for naught if honeypots remain as easily detectible as they are presently."


Story Source:

The above story is based on materials provided by Inderscience Publishers. Note: Materials may be edited for content and length.


Journal Reference:

  1. Honeypot detection in advanced botnet attacks. Int. J. Information and Computer Security, 2010, 4, 30-51

Cite This Page:

Inderscience Publishers. "Malicious software: Hiding the honeypots." ScienceDaily. ScienceDaily, 27 February 2010. <www.sciencedaily.com/releases/2010/02/100226093211.htm>.
Inderscience Publishers. (2010, February 27). Malicious software: Hiding the honeypots. ScienceDaily. Retrieved September 1, 2014 from www.sciencedaily.com/releases/2010/02/100226093211.htm
Inderscience Publishers. "Malicious software: Hiding the honeypots." ScienceDaily. www.sciencedaily.com/releases/2010/02/100226093211.htm (accessed September 1, 2014).

Share This




More Earth & Climate News

Monday, September 1, 2014

Featured Research

from universities, journals, and other organizations


Featured Videos

from AP, Reuters, AFP, and other news services

Iceland Lowers Aviation Alert on Volcano

Iceland Lowers Aviation Alert on Volcano

AFP (Sep. 1, 2014) Iceland has lowered its aviation alert on its largest volcano after a fresh eruption on a nearby lava field prompted authorities to enforce a flight ban for several hours. Duration: 01:07 Video provided by AFP
Powered by NewsLook.com
Lightning Hurts 3 on NYC Beach

Lightning Hurts 3 on NYC Beach

AP (Sep. 1, 2014) A lightning strike injured three people on a New York City beach on Sunday. The storms also delayed flights and interrupted play at the US Open tennis tournament. (Sept. 1) Video provided by AP
Powered by NewsLook.com
Thailand Totters Towards Waste Crisis

Thailand Totters Towards Waste Crisis

AFP (Sep. 1, 2014) Fears are mounting in Bangkok that poor planning and lax law enforcement are tipping Thailand towards a waste crisis. Duration: 01:21 Video provided by AFP
Powered by NewsLook.com
Melting Ice Shelves Drive Rapid Antarctic Sea Level Rise

Melting Ice Shelves Drive Rapid Antarctic Sea Level Rise

Newsy (Sep. 1, 2014) A study of almost 20 years' worth of satellite images shows Antarctic sea levels are on the rise as ice shelves continue to melt. Video provided by Newsy
Powered by NewsLook.com

Search ScienceDaily

Number of stories in archives: 140,361

Find with keyword(s):
Enter a keyword or phrase to search ScienceDaily for related topics and research stories.

Save/Print:
Share:

Breaking News:
from the past week

In Other News

... from NewsDaily.com

Science News

Health News

Environment News

Technology News



Save/Print:
Share:

Free Subscriptions


Get the latest science news with ScienceDaily's free email newsletters, updated daily and weekly. Or view hourly updated newsfeeds in your RSS reader:

Get Social & Mobile


Keep up to date with the latest news from ScienceDaily via social networks and mobile apps:

Have Feedback?


Tell us what you think of ScienceDaily -- we welcome both positive and negative comments. Have any problems using the site? Questions?
Mobile: iPhone Android Web
Follow: Facebook Twitter Google+
Subscribe: RSS Feeds Email Newsletters
Latest Headlines Health & Medicine Mind & Brain Space & Time Matter & Energy Computers & Math Plants & Animals Earth & Climate Fossils & Ruins