Here are a few that we gathered this week for the demonstration: You can then sit and see what those naughty script kiddies send you. Make very sure it’s completely isolated from your business network though! One of the most popular VMWare images from the Honeynet Project is a Windows 2003 Server that appears vulnerable to MS08-067 the vulnerability in the Windows Server Service that Conficker exploited. Put the honeypot on a subdomain () configured to offer fake vulnerable services. Take a look at for further reading and resources on these. If that idea makes you nervous (and it should, no matter how seasoned you are) then read on.īuild a honeypot, or “production honeypot” as Wikipedia would have us call it. If you are comfortable with using your own corporate network to collect malware then skip this part. How do you collect current virus samples to test?
Gathering and using tools to independently evaluate A/V products be sure that you buy a good anti-virus product at your next renewal. 
How to better defend your network and users from malware threats know what to look for and where to find it. Which were the most effective A/V products and which are the most responsive to new and current threats?. We discussed low-cost mitigation, such as freeware honeypots, that can be used to gather samples and also detect an attacker should they actually get on to your network. Evasion of A/V and delivery of exploits to a desktop user were shown in real time, and no, we didn’t need to write a ‘zero day’ exploit to do this. We ran a live demonstration where we compared results from around 50 A/V products in real time, submitting the samples for evaluation and generating detection results live on stage. To do this we seeded fresh malware samples into publicly shared virus databases, in an attempt to identify which products and manufacturers responded to these new “threats”, and which ones failed to detect them at all. We also showed how many A/V vendors failed to update their detection signatures and/or engines in light of new samples that had been shared with them 12 months earlier. We demonstrated how easy it is to modify malware code to evade detection by A/V, using readily available tools, some freeware, some commercials. 
Even anti-virus vendors are questioning the future of their own products. Anti-virus products aren’t as good at detecting viruses and malware as many would claim.
0 kommentar(er)
