Published on Apr 3, 2012
Most honeypots require malware to fulfill certain criteria in order to capture it. An SSH honeypot, for example, targets malware that attacks SSH servers; an HTTP client honeypot aims at malware that is distributed by web servers. However, it is almost always required that the targeted malware somehow spread via computer networks. And here the problem arises. Examples such as Conficker and Stuxnet, among others, have shown that it is possible - in some cases even necessary - for malware to spread via another medium: they propagate on USB sticks, completely independent of any network. Our honeypots are hardly able to detect such malware if it does not use networks as well. So what to do? In the talk we will discuss the concept of a honeypot that focuses on such USB malware - malware that propagates via USB storage devices - and find a way to detect the malware without any further knowledge. We will outline the idea and take a look at its implementation.