honey monkey

A honey monkey is a virtual computer system that is programmed to lure, detect, identify and neutralize malicious activity on the Internet. The expression, coined by Microsoft, is based on the term honey pot, which refers to a computer system expressly set up to attract and "trap" people who attempt to penetrate other people's computers... (Continued)

A honey monkey is a program that imitates a human user to lure, detect and identify malicious activity on the Internet.

According to Microsoft, who developed the concept, a honey monkey is an active client honey pot. The honey monkey behaves like a highly active and extremely unwary human Internet user, logging onto many suspect websites. The programs detect harmful coding that could jeopardize the security of human visitors.

Certain types of websites are more likely to contain malicious coding, whether by design or as a result of hacking. Favored targets include the home pages of celebrities, sites that offer downloadable music and videos (particularly those that operate in violation of copyright law), pornographic sites and gaming cheater sites. Sophisticated hackers operate according to the principle of "minimizing the effort and maximizing the results." Effective honey monkeys take advantage of the same paradigm, scanning the Web for URLs most likely to be compromised. In some cases, individual hackers can be personally identified.

Microsoft developed a Web patrol system called Strider HoneyMonkeys to detect Web sites that frequently install spyware, Trojans and viruses on the computers of Internet users. Microsoft's system consists of multiple monkey programs running on virtual machines (VMs). Host systems have a range of patch levels to detect specific types of exploits.

In addition to identifying and isolating uniform resource locators (URLs) that propagate malware, a program called Strider Tracer can detect configuration and file changes that occur following an exploit. Using this method, interconnected communities of Web sites have been discovered that use targeted URLs to exploit client-side vulnerabilities on unpatched computers. Once such a site and the nature of its activity has been identified, a patch is generated to counter the threat.

In the first month of activity, the HoneyMonkey project detected malicious coding on 752 unique URLs, hosted on 287 sites. Researchers were able to identify several "major players," each of whom is responsible for many exploit pages.

This was first published in August 2008

Continue Reading About honey monkey

Dig deeper on Web Browser Security

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close