Catching worms with ghost flash drives

Updated on: 2012-06-15 || Source: h-online.com

The Honeynet Project will take over development of Sebastian Pöplau's Ghost USB Honeypot, which was originally developed at the University of Bonn. The software emulates a USB flash drive inserted into a USB port on a Windows system and functions as malware bait. If the system is infected with a worm such as Conficker, Stuxnet or Flame, the worm will copy itself to the fake flash drive. The copy lands in the image file that Ghost uses to spoof a USB flash drive, from where it can be analysed.

The idea is to run the honeypot software in the background on production systems at regular intervals, perhaps when the user is inactive and the screensaver is displayed. If something copies itself to the flash drive within a set time frame, say 30 seconds, it can be assumed that the honeypot has caught some malware.
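The detection rule described above, as an added Python example that is not Ghost's own code: Ghost emulates the drive with a Windows driver, whereas this user-mode sketch assumes the bait volume is reachable as an ordinary directory. The function names, the polling approach and the temporary directory in the demo are assumptions made for illustration.

```python
import hashlib
import os
import time


def snapshot(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            manifest[os.path.relpath(full, root)] = digest
    return manifest


def diff_snapshots(before, after):
    """Return files that appeared or changed between two snapshots."""
    created = sorted(p for p in after if p not in before)
    modified = sorted(p for p in after if p in before and after[p] != before[p])
    return {"created": created, "modified": modified}


def observe(root, window_seconds=30, poll_seconds=1.0, sleep=time.sleep):
    """Watch the bait volume for one window; any write counts as a capture."""
    baseline = snapshot(root)
    waited = 0.0
    while waited < window_seconds:
        sleep(poll_seconds)
        waited += poll_seconds
        changes = diff_snapshots(baseline, snapshot(root))
        if changes["created"] or changes["modified"]:
            return changes
    return None  # window expired with no writes: nothing caught


if __name__ == "__main__":
    import tempfile
    # Constructed demo: a temp directory stands in for the bait volume and
    # the injected sleep hook drops a harmless file to simulate a write.
    with tempfile.TemporaryDirectory() as bait:
        def fake_sleep(_seconds):
            with open(os.path.join(bait, "dropped.bin"), "wb") as fh:
                fh.write(b"constructed sample")
        print(observe(bait, sleep=fake_sleep))
```

The files listed under `created` or `modified` are the ones to preserve for analysis; the `sleep` parameter exists only so the window can be simulated without waiting.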

Ghost USB currently runs under Windows XP only, although the project plan includes adding support for Windows 7. The project page contains pre-compiled drivers suitable for conducting initial experiments. A Windows Driver Kit is required to compile the source code, which is open source; the software is licensed under the GPLv3.
