Forum latest

Researchers 'Spy' on Web Attackers
Written by Daniel   
Thursday, 15 November 2007 10:49

Undercover' research finds banner ad/click-fraud, spam – and automated attacks – dominate

NOVEMBER 14, 2007 | 2:24 PM
By Kelly Jackson Higgins
Senior Editor, Dark Reading

Researchers with the Web Application Security Consortium (WASC) are hitting Web attackers and spammers where they live and hide out -- in open Web proxy servers. According to the latest findings by WASC, banner ad/click-fraud and spam ranked as the most common traffic visiting the organization's honeynet of decoy proxy servers for tracking real Web attacks.

Open proxies are an attacker's camouflage, providing them with anonymity in their requests to the Web. WASC's honeynet researchers are basically using the attackers' own tool against them, with fake open proxies in the honeynet. "I know that attackers use open proxies, so you can't always track them down. So I turned the tables on them," says Ryan Barnett, an officer with WASC and director of application security training for Breach Security.

Barnett, who heads up the WASC honeynet project, says the researchers have put in controls so that attackers can't loop through the honeynet to attack other sites, however. "If the traffic is normal or benign, we do proxy it through and it goes to its destination. If we see a live attack, we block it, and also spoof back some information to the attacker, such as HTTP status codes," Barnett says. "We want to see what the bad guys are really doing" in their Web attacks, he says.... More    Comment in the the Forums

Don't Click Here Don't Click Here Either