Re: collecting spyware with a honeypot

["Jamie Riden" <jamesr () europe com>]

On 09/10/06, Marc Samendinger <marc.samendinger () sp-online de> wrote:

> They have/had the same problem you are raising, gaining a list of
> urls to crawl. One of their idea was to set up a wiki with urls where
> malware was found. But I have no idea how far they have come with
> setting up a wiki like this.

There should be plenty of these in spam.

Someone suggested setting up a secondary MX - spammers tend to prefer
secondaries as they often have no or limited filtering.

You could also set up a spam honeypot (
http://en.wikipedia.org/wiki/Honeypot_%28computing%29#Spam_honeypots )
like Jackpot and use the results from there.

I seem to remember Messenger spam containing lots of dodgy links, look
for UDP packets going to ports 1025-1030 or so.

cheers,
Jamie
--
Jamie Riden, CISSP / jamesr () europe com / jamie.riden () gmail com
NZ Honeynet project - http://www.nz-honeynet.org/