Botspy - Efficient Observation of Botnets

With nepenthes and CWSandbox, we have two tools to automatically capture and analyze malware. If we find a botnet, it would be nice to also have an automated way to observe the corresponding botnet. This is where botspy comes into play: this tool is designed to observe botnets by connecting to them, entering the channel used for command & control, and then monitoring what is happening. Currently, the channel can either be IRC or HTTP, but due to the modular architecture, more communication protocols can be added.
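As an added example, not botspy's own code, here is a minimal passive IRC channel observer in Python in the spirit of the IRC module described above: it parses raw server lines, answers PINGs so the session stays alive, and records joins, messages and topic changes seen in the monitored channel without ever acting on anything it reads. The server name, nicknames, channel and the sample lines are constructed for the example.

```python
import re
from dataclasses import dataclass

# RFC 1459 framing: [':' prefix ' '] command [' ' params]
IRC_LINE = re.compile(r'^(?::(?P<prefix>\S+) )?(?P<command>\S+)(?: (?P<params>.*))?$')

@dataclass
class Event:
    kind: str    # 'join', 'msg' or 'topic'
    source: str  # nick (or server name) that caused the event
    target: str  # channel the event was seen in
    text: str    # message or topic text, empty for joins

def parse_line(line):
    """Split one raw IRC line into (prefix, COMMAND, [params])."""
    m = IRC_LINE.match(line.rstrip('\r\n'))
    if not m:
        return None
    prefix, command = m.group('prefix') or '', m.group('command').upper()
    rest = m.group('params') or ''
    if rest.startswith(':'):            # only a trailing parameter
        params = [rest[1:]]
    else:
        head, sep, trailing = rest.partition(' :')
        params = head.split() + ([trailing] if sep else [])
    return prefix, command, params

class ChannelObserver:
    """Observe one channel: log what happens, never execute what is said."""
    def __init__(self, channel):
        self.channel = channel.lower()
        self.events = []
        self.outbound = []   # lines the client would send back; only PONGs here

    def feed(self, line):
        parsed = parse_line(line)
        if parsed is None:
            return
        prefix, command, params = parsed
        nick = prefix.split('!')[0]
        in_chan = lambda i: len(params) > i and params[i].lower() == self.channel
        if command == 'PING':           # keep-alive, otherwise the server drops us
            self.outbound.append('PONG :' + (params[0] if params else ''))
        elif command == 'PRIVMSG' and in_chan(0) and len(params) > 1:
            self.events.append(Event('msg', nick, params[0], params[1]))
        elif command == 'TOPIC' and in_chan(0) and len(params) > 1:
            self.events.append(Event('topic', nick, params[0], params[1]))
        elif command == '332' and in_chan(1) and len(params) > 2:
            # RPL_TOPIC: the topic shown on join is worth recording as well
            self.events.append(Event('topic', nick, params[1], params[2]))
        elif command == 'JOIN' and in_chan(0):
            self.events.append(Event('join', nick, params[0], ''))

# Constructed sample of what the server sends after joining the channel.
SAMPLE = [':irc.example.test 001 spy :Welcome', ':irc.example.test 332 spy #ctrl :please read the topic',
          ':op!op@host JOIN #ctrl', 'PING :irc.example.test', ':op!op@host PRIVMSG #ctrl :status report',
          ':op!op@host PRIVMSG spy :private note', ':op!op@host TOPIC #ctrl :new topic']

def observe(lines, channel='#ctrl'):
    obs = ChannelObserver(channel)
    for line in lines:
        obs.feed(line)
    return obs
```

Running `observe(SAMPLE)` yields one PONG reply and four channel events; the private message to the observer's own nick is deliberately ignored because it is not channel activity.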

Botspy is implemented by Claus Overbeck as part of his thesis, and he gave a presentation about its current status today. The thesis is not finished yet, so more features will be integrated and, most importantly, statistics will be generated.


Comments


  1. Americano says:

    Are there any plans on producing an English translation of the PDF?

  2. glaslos says:

    Are there any updates about botspy?

  3. Thorsten says:

    Claus is still working on it, the progress is rather slow at the moment :-/
