Amun: Automatic Capturing of Malicious Software

Date Added: Jul 2010
Format: PDF

This paper describes the low-interaction server honeypot Amun. Through the use of emulated vulnerabilities Amun aims at capturing malware in an automated fashion. The use of the scripting language Python, a modular design, and the possibility to write vulnerability modules in XML allow the honeypot to be easily maintained and extended to personal needs. Autonomously spreading malware is among the main threats in todays' Internet. Worms and bots constantly scan large network ranges worldwide for vulnerable machines to exploit. Compromised machines are then used to form large botnets for example to perform distributed denial of service attacks, send out masses of email spam, or to compromise even more machines.