Detecting Botnets Using a Low Interaction Honeypot (PDF)

This paper describes a simple honeypot that uses PHP and emulates several vulnerabilities in Mambo and Awstats. We show the mechanism used to compromise the server and to download further malware. The honeypot is fail-safe: when left unattended, its default action is to do nothing, but if the operator is present, exploitation attempts can be investigated. IP addresses and other details have been obfuscated in this version.

