Websense reveals bait for Web 2.0 cybercrooks
Published: 08 Aug 2007 10:01 BST
Websense has revealed one of its methods for monitoring malicious web activity.
The security company revealed its technique on Sunday at the Defcon show in Las Vegas.
The company uses a series of web bots and user accounts, collectively referred to as "HoneyJax", to mimic Web 2.0 user activity.
Honeypots mimic email servers and accounts, while honeyclients simulate client activity, such as a user's browser, when visiting websites, to determine whether that website is malicious.
HoneyJax simulate user accounts in social networks, according to Dan Hubbard, vice president of security research at Websense. "They're designed to track techniques, URLs and malicious script, and monitor outbreaks within web space, like web worms," he said.
Read this
Feature: Locating the real threats to corporate security
With organised criminals seizing the opportunities of cybercrime, how accurate is the established belief that company insiders are the biggest threat to IT security?
"Passive HoneyJax" are dormant accounts in social-networking sites that wait for a web worm to connect to a user profile before informing Websense. Automated "active HoneyJax" bots solicit users to join networks or reply to requests, and work in a similar way to web-search crawlers, Hubbard added.
"Active HoneyJax say: 'Okay, I'll click on that link'," said Hubbard.
'Passive/aggressive HoneyJax' look for attempts to defraud based on a user profile. For example, they monitor social networks which are likely to contain vulnerable people, which may include older citizens considering investments, or students seeking loans, said Hubbard.
Websense wrote its own HoneyJax bots, which it has been using for six months. Open-source social-networking bots are also available, as are commercial bots.
Did you find this article useful?
3 out of 8 people found this useful
- Share this article:
