Microsoft's "monkeys" find first zero-day exploit



Did a search and didn't find this in news... found this real cool technology.

Microsoft Strider Honey Monkey Project:

http://research.microsoft.com/HoneyMonkey/

-------------------------------------------------------------------------------------

Microsoft's "monkeys" find first zero-day exploit

Robert Lemos, SecurityFocus 2005-08-08

Microsoft's experimental Honeymonkey project has found almost 750 Web pages that attempt to load malicious code onto visitors' computers and detected an attack using a vulnerability that had not been publicly disclosed, the software giant said in a paper released this month.

Known more formally as the Strider Honeymonkey Exploit Detection System, the project uses automated Windows XP clients to surf questionable parts of the Web looking for sites that compromise the systems without any user interaction. In the latest experiments, Microsoft has identified 752 specific addresses owned by 287 Web sites that contain programs able to install themselves on a completely unpatched Windows XP system.

Honeymonkeys, a name coined by Microsoft, modify the concept of honeypots--computers that are placed online and monitored to detect attacks.

"The honeymonkey client goes (to malicious Web sites) and gets exploited rather than waiting to get attacked," said Yi-Min Wang, manager of Microsoft's Cybersecurity and Systems Management Research Group. "This technique is useful for basically any company that wants to find out whether their software is being exploited this way by Web sites on the Internet."

The experimental system, which SecurityFocus first reported on in May, is one of the software giant's many initiatives to make the Web safer for users of the Windows operating system. Online fraudsters have become more savvy about fooling users, from more convincing phishing attacks to targeting individuals who likely have access to high-value data. Some statistical evidence has suggested that financial markets are holding software makers such as Microsoft responsible for such problems.

The software giant has not focused on any single strategy to secure its customers. A year ago, the company released a major update, known as Service Pack 2, to its Windows XP operating system--an update that focused almost exclusively on security. The company has also started working closer with the independent security researchers and hackers that find the flaws in its operating system and offering rewards for information on the virus writers that have historically attacked its software.

The honeymonkey project, first discussed at the Institute of Electrical and Electronics Engineers' Symposium on Security and Privacy in Oakland, California in May, is the latest attempt by the software giant to detect threats to its customers before the threats become widespread. The honeymonkeys consist of virtual machines running different patch levels of Windows. The "monkey" programs browse a variety of Web sites looking for sites that attempt to exploit browser vulnerabilities.

Security researchers have given the initiative high marks.

"In terms of detection capabilities, it's a really elegant hack," said Dan Kaminsky, principal security researcher for Doxpara Research. "The antivirus model -- scan for dangerous patterns -- can't find previously unknown attacks. ... No, the best way to find out if a web page, if executed, would attack the browser is to spawn a browser and let it execute potentially hostile code."

New tactics like honeymonkeys will be a useful way to stave off the dangers of the Internet, said Lance Spitzner, president of the Honeynet Project, which creates software and tools for administering false networks of systems that appear to be vulnerable targets.

More info:

http://www.securityfocus.com/news/11273

------------------------------------------------------------------------------------------

Want to learn more about the MS Honey Monkey Project:

Leo Laporte and Security Analyst Steve Gibson go into detail on how MS HoneyMonkeys work in last week's podcast

"HoneyMonkeys"

How Microsoft's "HoneyMonkey" system works, how it finds malicious web sites before they find you, and what Microsoft is doing (and NOT doing) with this valuable security information it is now collecting.

Podcast Homepage: http://www.grc.com/securitynow.htm

Podcast stream: http://aolradio.podcast.aol.com/sn/SN-002.mp3

In the latest experiments, Microsoft has identified 752 specific addresses owned by 287 Web sites that contain programs able to install themselves on a completely unpatched Windows XP system.

Should be patched I think.


Not really. Because there are lots of users who don't know about updates and never patch their PCs. So it would be better for Microsoft to find all websites that have malicious code rather than only the ones that target patched SP2 PCs.

It's not that they don't know, it's that they don't want to fix what's broken. Many Firefox users have virus-free computers and no incentive to upgrade. All IE users must upgrade to SP2 to remain as secure. I never upgraded to SP2 on my machine; there was no incentive because I never had an issue.

They should make a blacklist system so that you can't visit these servers. I mean, if they can index a good portion of the net they can surely blacklist all the bad hosts that have exploits on them.

I also mean it should be done on the ISP level, so it doesn't matter what version of Windows you have.

What I don't think is helpful, though, is that they have removed all the bad web sites from MSN Search but have not shared their findings with anyone else in the security community, so are gonna be profiting from this. I don't think Microsoft have started to sort things out for the good of their users; they have done it because there is a market for profit. I listened to the Security Now podcast last week and agreed with a lot of things they said about it.
