IEEE Security and Privacy
Scalability, fidelity, and containment in the potemkin virtual honeyfarm
Proceedings of the twentieth ACM symposium on Operating systems principles
A multifaceted approach to understanding the botnet phenomenon
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Virtual honeypots: from botnet tracking to intrusion detection
Virtual honeypots: from botnet tracking to intrusion detection
The nepenthes platform: an efficient approach to collect malware
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
WebPatrol: automated collection and replay of web-based malware scenarios
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Set-up and deployment of a high-interaction honeypot: experiment and lessons learned
Journal in Computer Virology
Anatomy of drive-by download attack
AISC '13 Proceedings of the Eleventh Australasian Information Security Conference - Volume 138
Hi-index | 0.00 |
Autonomous spreading malware in the form of worms or bots has become a severe threat in today's Internet. Collecting the sample as early as possible is a necessary precondition for the further treatment of the spreading malware, e.g., to develop antivirus signatures. In this paper, we present an integrated toolkit called HoneyBow, which is able to collect autonomous spreading malware in an automated manner using high-interaction honeypots. Compared to low-interaction honeypots, HoneyBow has several advantages due to a wider range of captured samples and the capability of collecting malware which propagates by exploiting new vulnerabilities. We validate the properties of HoneyBow with experimental data collected during a period of about nine months, in which we collected thousands of malware binaries. Furthermore, we demonstrate the capability of collecting new malware via a case study of a certain bot.