Collecting malware from distributed honeypots — Honeypharm
A. Hassan, M. A. Ali
2011 IEEE GCC Conference and Exhibition (GCC), published 2011-04-19
DOI: 10.1109/IEEEGCC.2011.5752555 (https://doi.org/10.1109/IEEEGCC.2011.5752555)
Citations: 5
Abstract
The purpose of having a honeypot, such as Nepenthes, that collects malicious software (malware) is to build the capability of capturing malware propagating in a certain infrastructure, or intentionally targeting that infrastructure. When multiple honeypots of this type are deployed, they require a mechanism by which the malware and other related intelligence are reported to a centralized repository, so that the collected malware can be analyzed and both overall and infrastructure-specific trends studied. Such a setup also supports identifying new malware, i.e., malware not yet known to any antivirus provider. This enables detection and analysis of malware at an early stage, so that it can be dealt with before it spreads widely and causes severe damage.
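As an added illustration (not the Honeypharm code described in the paper), the following Python sketch models the reporting mechanism the abstract outlines: distributed sensors submit captured binaries with context to a central repository, which deduplicates by content hash, flags samples no antivirus vendor knows yet, and aggregates overall and per-infrastructure sighting trends. The report fields, the sensor/site naming and the in-memory set standing in for antivirus vendor lookups are assumptions made for this example; the sample reports are constructed.

```python
"""Central malware repository fed by distributed honeypot sensors.

Added example, not the Honeypharm implementation. The report format,
the sensor/site model and the AV-known hash set are assumptions.
"""
import hashlib
import json
from collections import Counter
from datetime import datetime

# Assumption (not from the paper): each sensor posts one JSON record per
# captured binary with these fields. The binary travels as a hex string.
REQUIRED = ("sensor", "site", "src_ip", "captured_at", "binary_hex")


class CentralRepository:
    """Stores unique samples and every sighting; flags samples unknown to AV."""

    def __init__(self, av_known_hashes):
        # Stand-in for querying antivirus providers: SHA-256 hashes that at
        # least one vendor already detects.
        self.av_known = set(av_known_hashes)
        self.samples = {}      # sha256 -> raw bytes, stored once
        self.sightings = []    # (sha256, sensor, site, src_ip, captured_at)

    def ingest(self, record_json):
        """Validate one sensor report, store the sample, return (sha256, first_seen)."""
        rec = json.loads(record_json)
        missing = [k for k in REQUIRED if k not in rec]
        if missing:
            raise ValueError(f"report from {rec.get('sensor', '?')} lacks {missing}")
        blob = bytes.fromhex(rec["binary_hex"])
        # Hash the binary on the collector side; never trust a sensor-supplied
        # hash, or a compromised sensor could attach false metadata to a sample.
        digest = hashlib.sha256(blob).hexdigest()
        datetime.fromisoformat(rec["captured_at"])  # rejects malformed timestamps
        first_seen = digest not in self.samples
        self.samples.setdefault(digest, blob)
        self.sightings.append(
            (digest, rec["sensor"], rec["site"], rec["src_ip"], rec["captured_at"])
        )
        return digest, first_seen

    def unknown_to_av(self):
        """Hashes of stored samples no AV vendor knows: early-analysis candidates."""
        return sorted(h for h in self.samples if h not in self.av_known)

    def trends(self):
        """Sighting counts per sample, overall and broken down by infrastructure (site)."""
        overall = Counter(h for h, *_ in self.sightings)
        per_site = {}
        for h, _sensor, site, *_ in self.sightings:
            per_site.setdefault(site, Counter())[h] += 1
        return overall, per_site


def demo():
    """Feed three constructed sensor reports (two sites, two binaries) into a repository."""
    # Constructed fake "binaries"; only their bytes matter for hashing.
    worm = b"MZ\x90\x00fake-worm-payload"
    dropper = b"MZ\x90\x00fake-dropper-payload"
    # Pretend vendors already detect the worm but not the dropper.
    av_known = {hashlib.sha256(worm).hexdigest()}
    repo = CentralRepository(av_known)
    reports = [
        {"sensor": "hp-dmz-1", "site": "datacenter-a", "src_ip": "203.0.113.7",
         "captured_at": "2011-03-01T10:15:00+00:00", "binary_hex": worm.hex()},
        {"sensor": "hp-dmz-2", "site": "datacenter-a", "src_ip": "198.51.100.9",
         "captured_at": "2011-03-01T10:20:00+00:00", "binary_hex": worm.hex()},
        {"sensor": "hp-branch-1", "site": "branch-b", "src_ip": "203.0.113.7",
         "captured_at": "2011-03-01T11:00:00+00:00", "binary_hex": dropper.hex()},
    ]
    results = [repo.ingest(json.dumps(r)) for r in reports]
    return repo, results


if __name__ == "__main__":
    repo, results = demo()
    overall, per_site = repo.trends()
    print("unique samples:", len(repo.samples))
    print("unknown to AV:", repo.unknown_to_av())
    print("overall sightings:", dict(overall))
    print("per site:", {s: dict(c) for s, c in per_site.items()})
```

The repository hashes the binary itself rather than trusting a sensor-reported hash, and keeps every sighting even when the sample is already stored, since the sighting stream is what drives the per-infrastructure trend view the abstract describes.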