The SensorNET is a scalable, distributed collection of Australian-based honeypot sensors. Sensors passively and safely collect network-borne malware being distributed by botnets. The sensors are configured to send these samples to our central collection server for detailed analysis and documentation in our Malware library.
Malware library
These binaries are then automatically analyzed and inserted into an overarching database we call our "Malware library".
Automated analysis performed by the central collection server produces the following information:
Surface level analysis
High-level identification data is collected, including MD5 and SHA1 hashes, packer details and file size. Like the catalogue attributes of a traditional library (e.g. an ISBN), these high-level attributes are often used to search for malware.
Anti-virus
All malware samples are scanned with products from 32 leading anti-virus vendors, and the results are included in the Malware library. Any vendor whose product does not detect a sample receives a copy of the binary so that it can update its signatures, thus mitigating the risk of future attacks.
Sandboxing
Sandboxing refers to the analysis of a binary on a controlled live system, where its behaviours are observed and documented. This work is extremely valuable: it allows second-stage downloads to be identified and collected, and botnet "Command and Control" servers to be discovered. This information is included in the Malware library for data analysis and investigations.
Location of attacker networks
Another goal of the SensorNET is to attain a quantitative understanding of the locations of networks that are targeting the Australian IP space.
Those participating in the SensorNET project who have the skills, facilities and mandate to analyse the data can be given access to the Malware library. We particularly welcome ISPs, academia and law enforcement agencies to take part in this project.
If you would like to get involved, we are always looking for additional sensors and data analysis skills. Please contact us via the contact page if you think you can join the pursuit of malware affecting Australian cyberspace.