I’m proud to annunce that “The Dorothy Project” is officially become “The Italian Honeynet Chapter” !
Special thanks to Lance Spitzner and Max Kilger for their support during the registration process.
And thanks to all the honeynet reseach alliance for their encouragement!

We are currently work for the first relase of our platform, so be patient and stay tuned.


Waiting for the official relase of our platform, we want to share with you some previews of the web application used by Dorothy for automatic-visualize its analysis result.
You are welcome to post your comments/feeds/questions !

Map overview
Information pannel 1
Information pannel 2
Graph pannel 3
Botnet summarizing pider Chart


From net-security: “[..]The quick expansion of botnets threatens to boost spam levels back up. In fact, spam volumes have already recovered about 70 percent since McColo Corp. went offline. Compared with the same quarter a year ago, spam volumes are 20 percent lower in 2009 and 30 percent below the third quarter of 2008, which had the highest quarterly volumes recorded to date.[..]”

To view the full report go here.


Interesting paper about the Torpig botnet. It’s a very accurate report about this botnet, and I suggest this paper to any botnet-researcher. I found very interesting the new technique ( called domain flux in this paper) used by Torpig for C&C discovering.

[..] With domain flux, each bot uses a domain generation algorithm (DGA) to compute
a list of domain names. This list is computed independently
by each bot and is regenerated periodically. Then, the bot attempts
to contact the hosts in the domain list in order until one succeeds,
i.e., the domain resolves to an IP address and the corresponding
server provides a response that is valid in the botnet’s protocol [..]

Here is the project web site.