Malware Honeypot and DNS fun…
Well, I have been working on a new project to trap and analyze malware. I have configured a honeypot on the Internet to trap people out to infect other machines. In the brief time (less than 24 hours) I have about 6 different malware samples with about 10 different attacker IP addresses. I have not thought about what I am going to do with the attacker IPs, but I am leaning toward to publishing them on this blog. The malware samples will NOT be released.
I have been thinking about the future of my malware hash tables project. I think I definitely want to keep doing this…I know, I have not released a table in a while, but I have been thinking of ways to automate my processes, which will require documentation, so, that may help create some tables faster. I apologize for the delays in releasing one, but I want to make sure I do this right and maintain quality tables. So, perhaps over the next few days, I will be experimenting with this process.
I have also released a publicly available DNS server that is another layer defense against malware. I will release details on this later as I want to ensure stability. I will be looking for a limited number of testers as well.
Let me know your thoughts on these projects. I must admit one of the other things slowing me down with all my projects is the fact that I am teaching myself Linux as I go.