Amun - Technical Report
I finally managed to finish my technical report on the Amun honeypot. I have tried to document all aspects of the software, so others can understand it. Maybe now it is more easy for others to contribute new modules. The PDF document is available here.
Abstract:
In this report we describe a low-interaction honeypot, which is capable of capturing autonomous spreading malware from the internet, named Amun. For this purpose, the software emulates a wide range of different vulnerabilities. As soon as an attacker exploits one of the emulated vulnerabilities the payload transmitted by the attacker is analyzed and any download URL found is extracted. Next, the honeypot tries to download the malicious software and store it on the local harddisc, for further analyses. As a result, we are able to collect at best unknown binaries of malware that automatically spreads across the network. The collected samples can for example be used to help anti-virus vendors improve their signatures.