Web-based Malware & Honeypots

Monday, April 24. 2006
A few days ago, Johannes Ullrich posted a detailed report about phpBB bots/worms at the Internet Storm Center. His analysis of the bot implemented in Perl is something you should definitely read.

Besides these bots, there are also other kinds of web-based malware around. What I see quite frequently are simple backdoors written in PHP that are automatically uploaded to vulnerable machines. At http://honeyblog.org/junkyard/web-based/ I have started to collect some of them. I modified them a bit so that they cannot cause any harm to others. Please use them for educational purposes only. With time, I plan to extend this collection.

With certain honeypots, it is also possible to learn more about this threat. Two projects that deal with web-based decoys are Google Hack Honeypots and PHP.Hop - PHP Honeypot Project by the French Honeynet Project. In the near future, there will also be a diploma student who deals with this type of honeypot as part of his thesis: Diploma Project: Web-based Honeypot Decoys