The Italian Honey Project » Paper http://www.honeynet.it The Italian chapter of the Honeynet Research Alliance Wed, 11 Jan 2012 11:44:56 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 Dorothy @APWG in Dallas http://www.honeynet.it/botnet/dorothy-apwg-in-dallas http://www.honeynet.it/botnet/dorothy-apwg-in-dallas#comments Thu, 14 Oct 2010 09:16:18 +0000 marco.riccardi http://www.honeynet.it/?p=366 On next Tuesday (October 19) I’m going to present a research in progress paper that I wrote with the e-Crime team of Barcelona Digital and Marco Cremonini from Department of Information Technology of the Università degli Studi di Milano.

The title of our paper is “A Framework For Financial Botnet Analysis“  and will be presented at the Anti Phishing Working Group (APWG) conference that this year will be held in Dallas.  Our work  represents a research study that is still in progress that is  based on developing new detection and mitigation strategies to cope with financial botnets.

The proposed research partially relies on a customized version of the Dorothy Framework by improving its overall development status. The Italian Chapter of the Honeynet Project is proud to see that its work is going to be useful also for such purpose, and this publication will encourage its future research.

]]> http://www.honeynet.it/botnet/dorothy-apwg-in-dallas/feed 0 Attending EC2ND http://www.honeynet.it/uncategorized/attending-ec2nd http://www.honeynet.it/uncategorized/attending-ec2nd#comments Tue, 27 Oct 2009 16:14:22 +0000 marco.riccardi http://www.honeynet.it/?p=135 I’m glad to inform that we will be attending the European Conference 2 Network Defence (EC2ND), scheduled on 9-10 November. This year the event is hosted by the Politecnico di Milano technical university in Milano, Italy.
Me and marco will introduce the status of our  current activities.

Hope to see you there!

]]> http://www.honeynet.it/uncategorized/attending-ec2nd/feed 1 Taking over the Torpig botnet http://www.honeynet.it/botnet/taking-over-the-torpig-botnet http://www.honeynet.it/botnet/taking-over-the-torpig-botnet#comments Mon, 04 May 2009 11:11:00 +0000 marco.riccardi http://m4rc00.wordpress.com/2009/05/04/taking-over-the-torpig-botnet/ Interesting paper about the Torpig botnet. It’s a very accurate report about this botnet, and I suggest this paper to any botnet-researcher. I found very interesting the new technique ( called domain flux in this paper) used by Torpig for C&C discovering.

[..] With domain flux, each bot uses a domain generation algorithm (DGA) to compute
a list of domain names. This list is computed independently
by each bot and is regenerated periodically. Then, the bot attempts
to contact the hosts in the domain list in order until one succeeds,
i.e., the domain resolves to an IP address and the corresponding
server provides a response that is valid in the botnet’s protocol [..]

Here is the project web site.

]]> http://www.honeynet.it/botnet/taking-over-the-torpig-botnet/feed 0