Pre-Grant Publication Number: 20070208822
Filing Date: March 01, 2006
Inventors: Yi-Min Wang, Douglas Beck
Assignee: Microsoft Corporation
Current U.S. Classification: 709, 709/217000
View Prior Art for Claim 00011
The one or more processor-accessible media as recited in Claim 10, comprising the processor-executable instructions that, when executed, direct the device to perform further actions comprising:
visiting a given URL;
monitoring URL redirections resulting from the action of visiting the given URL; and
tracing the monitored URL redirections to produce the parent list of redirection URLs.
Title Using Honeyclients to Detect New Attacks
Description
Honeyclients are systems that drive a piece of vulnerable client software to potentially malicious sites, and monitor system behavior for indicators of compromise. Each honeyclient is a virtual host, and drives applications such as web browsers to user-specified URLs, looking for signs of malicious behavior when accessing that URL. The malicious behavior is flagged via an integrity check capability, which monitors for changes in files, registry key values, and processes. Upon detection of suspicious behavior, the honeyclient virtual machine is suspended, a new clone is created, and the spidering process continues.
