Honeynet Project results and trends

The Honeynet Project has released its status report for the 2007 fiscal year (July 2006 – June 2007). This annual report covers the activities of the overall organization and its chapters.

The major trends discovered across many of the chapters include:

  • Global Distributed Honeynet (GDH) has demonstrated that large-scale distributed data collection and analysis are complex, time-consuming efforts. Now that Phase 1 is complete we are reviewing the lessons learned and identifying the best way to move forward (such as the use of honeypot farms, a more focused effort on client and low-interaction solutions, more automated data analysis, more powerful data analysis tools, etc).
  • That automated collection and basic analysis of Windows malware can now routinely be performed without the need for high-interaction Windows honeypots (which is good news for operations/DA), but that increasingly malware authors are attempting to detect, bypass or hide from automated collection and sandbox technologies.
  • Many chapters are collecting extensive amounts of malware with Nepenthes. We need improved centralization and analysis of malware, making it easier to leverage that information for the chapters and members.

Read the report over here.
