HoneyMonkeys prove benefits of patching PCs

Microsoft has released details of its Strider HoneyMonkey research project to find websites that host malicious code. It then passes the information to other parts of the company for patching or legal action.

Microsoft has released details of its Strider HoneyMonkey research project to find websites that host malicious code. It then passes the information to other parts of the company for patching or legal action.

The project uses a series of Windows XP clients as bait, with differing levels of patching, to attract attacks from websites that exploit browser vulnerabilities.

By using a complex system of “honeypots” and “honeymonkeys” to draw the malicious websites, the project gathers information to pass across a “food chain” of machines. 

Yi-Min Wang, manager of the Cybersecurity and Systems Management research group at Microsoft, said in a white paper, “Within the first month of using this new system, we identified 752 unique URLs that are operated by 287 web sites and that can successfully exploit unpatched WinXP machines.”

Microsoft said that unpatched Windows machines are highly vulnerable, with an unpatched Windows XP SP1 desktop, for example, being vulnerable to 688 of the malicious URLs identified, and 270 of the web sites – 91% and 94% respectively of those identified.

If a PC is updated to SP2, these numbers come down to 27% and 43%, said Microsoft.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT legislation and regulation

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

  • Dissecting the Hack

    In this excerpt from chapter three of Dissecting the Hack: The V3RB0TEN Network, authors Jayson E. Street, Kristin Sims and Brian...

  • Digital Identity Management

    In this excerpt of Digital Identity Management, authors Maryline Laurent and Samia Bousefrane discuss principles of biometrics ...

  • Becoming a Global Chief Security Executive Officer

    In this excerpt of Becoming a Global Chief Security Executive Officer: A How to Guide for Next Generation Security Leaders, ...

SearchNetworking

SearchDataCenter

SearchDataManagement

Close