Group Uses Honey Pots to Track Threats

December 8, 2004

IMlogic announced today that it will begin using “honey pots” to track malicious activity in instant messaging (IM) and peer-to-peer (P2P) networks. The move was announced in partnership with nearly every major IM and P2P company in the world.

The deal allows IMlogic to create a “Threat Center,” which it will use to gather intelligence as well as to provide earlier warnings of viruses or other widespread issues on.

The Threat Center initiative revolves around the controversial honey-potting technique used to monitor and track illegal intrusions on a host or network that has been deliberately exposed with known security vulnerabilities.

Honey pots have been used in the past—mostly in e-mail environments—to trap malicious hackers and to collect data on the way intruders operate. Information collected in honey pots is typically used to power early warning and prediction systems.

According to IMlogic chief executive Francis deSouza, the company will manage a system of honey pots running on IM networks powered by America Online Inc., Yahoo Inc., Microsoft Corp., IBM Corp. and Jabber.

“These are IM honey pots that are specially created. They shouldn't be receiving any IM traffic outside of spam or malware so when we detect any activity on those IMs, it sets off a warning,” deSouza said in an interview with eWEEK.com.

deSouza declined to say how many honey pots had been deployed or how the company planned to work around the legal ramifications of using the technique. In the past, the use of honey pots has raised questions about whether it constitutes entrapment.

“We've obviously paid attention to the mistakes made by e-mail honey pots. There is a preferred way to deploy honey pots and we have the advantage of launching now and incorporating everything we've learned from the e-mail honey pots,” deSouza said.

Among other things, the data from the Threat Center's honey pots will be used to create a knowledge base of IM/P2P viruses and worms and an alerts-and-notification mechanism (by e-mail and IM) of new and emerging threats for subscribers.
