< "Puppetnets: Misusing Web Browsers as a Distributed Attack Infrastructure" | SpyBye - Finding Malware >

"Shelia: A Client-side Honeypot for Attack Detection"

The fine folks from Universiteit Amsterdam have published a first preview of Shelia, a client-side honeypot for attacke detection, at http://www.cs.vu.nl/~herbertb/misc/shelia/. Shelia scans through a mail folder and then follows every url and opens every attachment. The tool monitors the processes and generates alerts when the process attempts to change the registry, create files, or attempts specific network operations.

Shelia is available for Windows and supports Outlook Express. It was implemented by Joan Robert Rocaspana from the group around Herbert Bos.
This entry was posted by Thorsten Holz on Tuesday, March 6. 2007 at 16:42. and is filed under honeynets. You can leave a response, or trackback from your own blog. All new comments are subject to moderation before being displayed.

Trackbacks

Trackback specific URI for this entry

    No Trackbacks

Comments

Display comments as (Linear | Threaded)

    No comments


Add Comment


Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
E-Mail addresses will not be displayed and will only be used for E-Mail notifications

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA
 
Submitted comments will be subject to moderation before being displayed.