Drive by download malware

2008-11-06 02:58:52

In response to current malware trends, we are announcing the launch of a new module in our statistics. This module is based on client honeypots (XP SP2, IE SP2) running inside a virtual environment. The sensor tests the integrity of the operating system (registry, file system) after visiting a URL. If visiting the URL causes changes, a new "clean" machine is started and the whole cycle is repeated. This method makes it possible to catch new exploits or observe new techniques for which no public signatures are available yet.

The module is under intensive development; we are working on automating the collection of all information (pcaps, exes, logs, ...) from all sensors. Analyses of integrity changes are already available.

http://www.honeynet.cz/?mmenu=malware&smenu_int=3&lang=en&vmetr=1
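
The before/after integrity check described above, sketched for the file system only, as an added example that is not the honeynet.cz sensor code. The function names are hypothetical, and a temporary directory with constructed files stands in for the guest machine; the registry comparison is not covered.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map each file's path (relative to root) to the SHA-256 of its content."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                state[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return state


def diff(before, after):
    """Classify the differences between a baseline and a post-visit snapshot."""
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(p for p in before.keys() & after.keys()
                           if before[p] != after[p]),
    }


def needs_revert(changes):
    """Any change after a visit means the machine is no longer 'clean'."""
    return any(changes.values())


def demo():
    # Constructed sample: the temp directory stands in for the guest file system,
    # and the writes below stand in for what a URL visit might leave behind.
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "hosts"), "w") as fh:
            fh.write("127.0.0.1 localhost\n")
        baseline = snapshot(root)
        clean = diff(baseline, snapshot(root))       # visit with no side effects
        with open(os.path.join(root, "hosts"), "a") as fh:
            fh.write("203.0.113.5 example.test\n")   # existing file modified
        with open(os.path.join(root, "dropped.bin"), "wb") as fh:
            fh.write(b"\x00constructed")             # new file appears
        changed = diff(baseline, snapshot(root))
    return clean, changed


if __name__ == "__main__":
    print([(needs_revert(c), c) for c in demo()])
```

A non-empty diff is the signal to archive the evidence for that URL and restart from the clean image before the next visit.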

©2005-2010  Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 Czech Republic License. info_at_honeynet_dot_cz, irc.honeynet.cz #honeynet.cz