Description: Most honeypots require malware to fulfill certain criteria in order to capture it. An SSH honeypot, for example, targets malware that attacks SSH servers; an HTTP client honeypot aims at malware that is distributed by web servers. However, it is almost always required that the targeted malware somehow spreads via computer networks. And here the problem arises. Examples such as Conficker and Stuxnet, among others, have shown that it is possible - in some cases even necessary - for malware to spread via another medium: they propagate on USB sticks, completely independently of any network. Our honeypots are hardly able to detect such malware if it does not use networks as well. So what to do? In the talk we will discuss the concept of a honeypot that focuses on such USB malware - malware that propagates via USB storage devices - and find a way to detect the malware without any further knowledge. We will outline the idea and take a look at its implementation.
Tags: malware, usb, honeypots