Client Honeypots - It's Not Only The Network [Video]

The Client Honeypot is a new implementation of the classic honeypot concept. Honeypots create an environment that is unknown and monitored, therefore, all data entering the environment is suspect as the environment should not receive any data. Honeypots have generally been targeted at researching and analyzing network and operating system level attacks, however, New attacks, such as phishing, have exploited vulnerabilities within client applications such as web browsers in order to increase propagation, perform identity theft, fraud, or general mayhem.

Client honeypot are being developed to solve the need of the research community. The community needs a set of tools to help analyze what sources of information are disseminating these threats, what the threats do, and ultimately devise ways to protect users from these threats. The initial implementation of the client honeypot focuses on providing data for use within analysis not automated analysis of the data.

A Client Honeypot is a collection of applications that collectively help researchers and end users determine where threats are coming from, by actively searching or scraping the Internet, what those threats exploit to install themselves on the target system, and what information the malware collects. Information such as what files, registry keys, or sockets are accessed or created, in addition to lower level information such as what sites the malware communicates with and how the malware functions can also be obtained.