Malware honeypots wait for 2008

An innovative malware honeypot project backed by a leading consortium of IT security experts is preparing to re-launch its global sensor network after Jan. 1 in an effort to dupe more cyber-criminals into handing over information about their latest attack methods.

The Web Application Security Consortium's Distributed Open Proxy Honeypot Project, which was initially turned on in Jan. 2007, will relight its set of attack monitoring sensors on or about the first of the year after significantly scaling back its operations during the month of December.

After its initial 11 months of data collection, the project undertook the month-long hiatus to give project researchers more time to examine results and plan for the year ahead.

In addition to tweaking their tactics for tracking and luring malware distributors in 2008, WASC project leaders said they are also planning to add new honeypots to their existing network, which already spans locations in Europe, Russia, South America, and the United States.

Unlike more traditional OS-level or SMTP-based honeypot applications -- systems designed to collect individual malware samples for subsequent examination by anti-virus researchers -- the WASC project utilizes a network of 14 specially-configured open proxy servers (or proxypots) to monitor traffic for nefarious activities carried out by everyone from botnet herders to adware purveyors.