Pre-Grant Publication Number: 20070208822
Filing Date: March 01, 2006
Inventors: Yi-Min Wang, Douglas Beck
Assignee: Microsoft Corporation
Current U.S. Classification: 709, 709/217000
View Prior Art for Claim 00016
A method comprising:
requesting information from a targeted network location as represented by a uniform resource locator (URL);
receiving a response from the targeted URL;
tracing events that occur on a machine;
ascertaining if an illicit event occurred based on the traced events; and
determining that an exploit has been accomplished by the targeted URL if an illicit event is ascertained to have occurred.
Submitted by: Christian Seifert
Last updated: 9 months ago
Title: A Crawler-based Study of Spyware on the Web
Description
Contains a study in which a browser was instrumented to detect drive-by downloads. Identical to the HoneyMonkey study. However, Moshchuk et al. used the Firefox browser instead of Microsoft's Internet Explorer browser.
Annotations(1)
#107 Idea on client honeypots
Applies to Claims 1, 16
Submitted by: Christian Seifert
Last updated: 9 months ago
Title: SF new column announcement: Time to Dump IE
Description
First articulation of the idea of a client honeypot (which is what HoneyMonkey represents).
Submitted by: Kathy Wang
Last updated: 9 months ago
Title: Using Honeyclients to Detect New Attacks
Description
Honeyclients are systems that drive a piece of vulnerable client software to potentially malicious sites, and monitor system behavior for indicators of compromise. Each honeyclient is a virtual host, and drives applications such as web browsers to user-specified URLs, looking for signs of malicious behavior when accessing that URL. The malicious behavior is flagged via an integrity check capability, which monitors for changes in files, registry key values, and processes. Upon detection of suspicious behavior, the honeyclient virtual machine is suspended, a new clone is created, and the spidering process continues.