Chapter 12. Analyzing Malware with CWSandbox
12.1 CWSandbox Overview
12.2 Behavior-Based Malware Analysis
12.3 CWSandbox — System Description
12.4 Results
12.5 Summary
In the old days of honeypots (back in the year 2000), most of the activity a honeypot captured was manual activity. Attackers would actually get on the system, type in keystrokes, install rootkits, and abuse the honeypot in different ways. Nowadays, most attacks are automated to improve efficiency and return on investment for an attacker. This automation mostly happens with the help of malware. Quite often you will capture automated threats with your honeypot. For example, a honeypot running an unpatched version of Windows will most likely be compromised within a couple of minutes. ...
Get Virtual Honeypots: From Botnet Tracking to Intrusion Detection now with the O’Reilly learning platform.