[Dshield] file sharing honeyfile idea

Johannes Ullrich jullrich at sans.org
Thu Aug 8 12:30:42 GMT 2002

   Thinking about some discussions I had recently about using
file sharing systems to distribute malware, I was wondering if
there is a windows programmer out here interested in producing
a binary, that will, when executed, show a dialog like 
'click ok to run this program. By doing so, your IP will
be sent to ...'. This program should, once executed, hit
a particular 'counter url'. Also, the program should contain
the EICAR virus test signatur.

   The idea behind this:

place this binary, named 'meninblackII.exe' in some
file sharing repository, and see how many people will run it.
The program will do nothing else then show the message and
access a special URL that we can use to count... (the URL
will be accessed after the user clicks 'ok').

anybody willing to write something like this? Are there any
technical or legal problems I am overlooking?

This should allow us to count how many gullible users are
willing to execute everything they find...

jullrich at sans.org             Collaborative Intrusion Detection
                                    join http://www.dshield.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/list/attachments/20020808/2471b9ed/attachment.bin

More information about the list mailing list