Victoria Uni tech leads internet attack study

New Zealand Honeypot project logo
The international Honeynet Project has used honeypot technology developed at New Zealand’s Victoria University to track web-based security attacks reports ComputerWorld.

The article notes “Even seemingly safe web addresses are rife with attack code aiming at vulnerable clients, according to the Honeynet Project study based on the technology. The authors say that methods such as blacklists can be surprisingly successful in stopping client-side attacks.”

“The study used a ‘high-interaction’ client honeypot, called Capture-HPC, developed by Victoria University of Wellington, to analyse more than 300,000 addresses from around 150,000 hosts.”

The article goes on to say “These results only confirm what security researchers have been saying for some time now. But the study also analyses the effectiveness of safeguards against such infections in some detail.

“The research shows that blacklists, if regularly updated, can be a surprisingly effective way of blocking malicious addresses.”

The New Zealand Honeynet Project has released a paper this month called “Know Your Enemy: Malicious Web Servers”. The paper is introduced as:
Today, many attackers are part of organized crime with the intent to defraud their victims. Their goal is to deploy malware on a victim’s machine and to start collecting sensitive data, such as online account credentials and credit card numbers. Since attackers have a tendency to take the path of least resistance and many traditional attack paths are barred by a basic set of security measures, such as firewalls or anti-virus engines, the “black hats” are turning to easier, unprotected attack paths to place their malware onto the end user’s machine. They are turning to client-side attacks.

In this paper, we examine these client-side attacks and evaluate methods to defend against client-side attacks on web browsers. First, we provide an overview of client-side attacks and introduce the honeypot technology that allows security researchers to detect and examine these attacks. We then proceed to examine a number of cases in which malicious web servers on the Internet were identified with our client honeypot technology and evaluate different defense methods. We conclude with a set of recommendations that one can implement to make web browsing safer.

The paper is available for download at http://honeynet.org/papers/mws/index.html and the ComputerWorld article is available at computerworld.co.nz/news.nsf/scrt/54EB43981E198CCBCC257340007D86C0