[HGI-News] HGI Seminar, Monday 05.02.07: Botnet Monitoring - Learning More About Botnets

Newsletter of the Horst Görtz Institute hgi-news at lists.ruhr-uni-bochum.de
Mon Jan 29 15:33:22 CET 2007


               Thorsten Holz, University of Mannheim

          Monday, 5 February 2007, 13:15, IC 4 / 39-41

          Botnet Monitoring - Learning More About Botnets

With the help of tools like nepenthes (http://nepenthes.mwcollect.org/)
or different honeypot solutions, we are able to automatically collect
autonomously spreading malware. With the help of an automated analysis
process (http://www.cwsandbox.org), we can also learn more about each
binary without any human interaction. Thus we are able to automatically
collect information about botnets, e.g. where they are located, which
nicknames they use, and which passwords are involved. Based on this information
we can start to observe the botnets and learn more about them.

In the first part of the talk, we will briefly introduce nepenthes and
different ways to collect malware. In addition, we briefly talk about
malware analysis with the help of CWSandbox. The main part of the talk
focusses on "botspy", a tool for automated tracking of botnets. We
introduce the tool in detail and talk about the lessons learned with it
based on real-world examples. The talk concludes with an overview of
several other ways to detect compromised machines and how to protect
against the threat behind botnets.

-----------------------------

Also on Tuesday, 6 February 2007, 13:15:
Saar Drimer, University of Cambridge
A diamond for a pint: relay attack and distance bounding defence

_____________________________________________________________________________
The HGI Seminar website, with all information on past and
upcoming talks: http://www.hgi.rub.de/deutsch/lehrangebot/seminar.html




