Victoria U Honeypot Tech Leads to Net Attack Study

• By Paul McCloskey
• 09/13/07

The international Honeynet Project, a research consortium formed to share computer threat information and solutions, is using a behavioral analysis tool developed at New Zealand's Victoria University to study Web-based security attacks.

According to the Honeynet Project study, which used the Vicoria University's Capture HPC analysis tool, many Web addresses that appear to be safe are rife with attack code aiming at vulnerable clients. Moreover, attackers are increasingly turning to end-user systems as a way around antivirus and firewall systems that are blocking their access to traditional attack routes.

"The 'black hats' are turning to easier, unprotected attack paths to place their malware onto the end-user's machine," according to the study by the Honeynet researchers, titled, "Know Your Enemy: Malicious Web Servers."

The study used Capture HPC to analyze more than 300,000 addresses from around 150,000 hosts. It looked at various types of sites, including music and news sites, and concluded that while some categories were more likely to contain malicious addresses than others, all contained malicious addresses.

"As in real life, some 'neighbourhoods' are more risky than others, but even users that stay clear of these areas can be victimized," the report said. "Any user accessing the Web is at risk."

Victoria University researchers Ramon Steenson and Christian Seifert said Capture HPC analyzes the state of an operating system and applications running on it and generates reports for any events received. In stand-alone mode it also function as a behavioral analysis tool for software running on Win32 operating systems including the latest version of Windows Vista.

Read More:

• Report: Know Your Enemy: Malicious Web Servers
• The Honeynet Project