Microsoft has released details of its Strider HoneyMonkey research project, which finds websites that host malicious code. The project then passes the information to other parts of the company for patching or legal action.
The project uses a series of Windows XP clients as bait, with differing levels of patching, to attract attacks from websites that exploit browser vulnerabilities.
Using a complex system of “honeypots” and “honeymonkeys” to draw out malicious websites, the project gathers information that is passed along a “food chain” of machines.
Yi-Min Wang, manager of the Cybersecurity and Systems Management research group at Microsoft, said in a white paper, “Within the first month of using this new system, we identified 752 unique URLs that are operated by 287 web sites and that can successfully exploit unpatched WinXP machines.”
Microsoft said that unpatched Windows machines are highly vulnerable. An unpatched Windows XP SP1 desktop, for example, is vulnerable to 688 of the malicious URLs and 270 of the websites identified, or 91% and 94% of them respectively.
If a PC is updated to SP2, these numbers come down to 27% and 43%, said Microsoft.