Greetings everyone,
Recently on the train to work I got to playing with VirtualBox, and by the end of the trip I had a very nice new toy that will automagically process malware samples in VirtualBox images, capture their associated network traffic, and package up the results into neat little zips for each sample that is run.
Why did I call it Minionz? Well, I wanted a cool name, and one of the team members said "it has to have the letter z in there", and I figured Minionz was a very appropriate name for a sandnet since they are effectively doing all the leg work as a normal minion would do :)
You can find the link to the tool here http://honeynet.org.au/release/minionz.zip as well as on our tool site:
http://honeynet.org.au/?q=node/10
-vlashef
Today we are happy to announce the release of an automated spam processing tool.
It will extract all URLs from an email, try to pick the correct sender of the email and then link the two together in a database.
Information such as geolocation and ASN is also collected and stored for both the sender and the URL.
It has been working now for a few weeks, but I'm sure someone will find something wrong with it; if so, please let us know.
The code can be found in the tools section http://honeynet.org.au/?q=node/10
-Vlashef
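The pipeline that post describes (extract URLs, pick the sender, link the two in a database), sketched as an added example; this is not the project's released code. The sender heuristic, the `TRUSTED_NETS` range, the `spam_link` table and the sample message are assumptions made for illustration, and geolocation/ASN lookup is left out.

```python
import re
from email import message_from_string
from ipaddress import ip_address, ip_network
# Constructed sample; the oldest Received line stands in for a forged header.
SAMPLE = """\
Received: from mx.example.org (mx.example.org [10.0.0.5])
\tby mail.example.org with ESMTP; Tue, 1 Jan 2008 10:00:02 +1000
Received: from unknown (HELO pc) ([203.0.113.45])
\tby mx.example.org with SMTP; Tue, 1 Jan 2008 10:00:01 +1000
Received: from bank.example (bank.example [198.51.100.7])
\tby relay.invalid with SMTP; Tue, 1 Jan 2008 09:00:00 +1000
From: "Bank" <support@bank.example>

Verify at http://login.example.net/verify?id=1 or
http://login.example.net/verify?id=1 and http://other.example.com/a.
"""
TRUSTED_NETS = [ip_network("10.0.0.0/8")]  # assumption: our own mail relays
URL_RE = re.compile(r"https?://[^\s<>\"']+")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def sender_ip(msg):
    """First hop outside our relays, newest Received header first, or None."""
    for hdr in msg.get_all("Received", []):
        m = IP_RE.search(hdr)
        try:
            if m and not any(ip_address(m.group(1)) in n for n in TRUSTED_NETS):
                return m.group(1)
        except ValueError:
            continue  # bracketed text was not a valid IPv4 address

def extract_urls(msg):
    """Unique http(s) URLs from every text part, in order of appearance."""
    urls = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            text = raw.decode(part.get_content_charset() or "utf-8", "replace")
            for url in URL_RE.findall(text):
                url = url.rstrip(".,;:)!?")
                if url not in urls:
                    urls.append(url)
    return urls

def store(db, raw_email):
    """Link sender and URLs in db (an sqlite3 connection), once per pair."""
    msg = message_from_string(raw_email)
    db.execute("CREATE TABLE IF NOT EXISTS spam_link (sender, url, UNIQUE (sender, url))")
    rows = [(sender_ip(msg), url) for url in extract_urls(msg)]
    db.executemany("INSERT OR IGNORE INTO spam_link VALUES (?, ?)", rows)
    return db.execute("SELECT sender, url FROM spam_link ORDER BY url").fetchall()
```

The sender is taken from the header our own relay wrote, not from `From:` or older `Received:` lines, because everything below the first external hop is supplied by whoever sent the message.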
Today we are very proud to announce that labyrinthdata.net.au has donated a server to the Australian Honeynet Project.
If you are looking for good Australian VPS hosting take a look at these guys!
http://honeynet.org.au/?q=node/2
-Vlashef
Hi all,
The latest version of the Tracking system has finally been released. The changes to version 1.0 are not too great.
This version allows us to decide which hostnames we want to track.
http://honeynet.org.au/?q=node/10
Enjoy.
-Vlashef
Current development of the DonkeyPot is progressing along at different speeds lately.
I've been looking at many different coding examples, from the OCaml code for mldonkey to a lovely little C# app, as I decided that trying to do it all in Perl might not be the best idea.
The first version of the code should be ready for release over the next few months.
Some interesting finds so far from testing have shown that the majority of the types of files that have malware, as deduced by virustotal.com, are for anti-virus 'patches'. At last check there were over 750k unique files (by MD4) being shared on the eDonkey network.
From the files that I have tested so far I am already seeing some links between existing botnets that are in circulation and those Shadowserver are tracking. This raises some very interesting questions about the propagation methods of these botnets.
Another interesting point is that for the majority of the files that I have collected/tested there is very minimal coverage from the leading anti-virus vendors.
Today we are happy to announce the public release of the first version of our Fast-Flux tracking tool. It can be found in the tools section of the website http://honeynet.org.au/?q=node/10
-Vlashef
Over the last couple of weeks, what started out as a simple Perl script to map the IPs of the fast flux domain ibank-halifax.com has since turned into a complete system, with a database backend for tracking changes to FF domains.
I hope to release the implementation shortly so that other people can learn from and build on what I've done.
Map of Fast flux hosts:
http://honeynet.org.au/?q=node/3
-Vlashef
Our first sponsor!!
We are very excited to announce that 1and1.com (http://1and1.com) have donated a server to the project!
This is very generous of them, and is something we could not have afforded out of our own pockets.
Thanks very much 1and1!
-vlashef