HoneyMonkey

HoneyMonkey, short for Strider HoneyMonkey Exploit Detection System, is a Microsoft Research honeypot. The implementation uses a network of computers to crawl the World Wide Web searching for websites that use browser exploits to install malware on the HoneyMonkey computer. A snapshot of the memory, executables and registry of the honeypot computer is recorded before crawling a site. After visiting the site, the state of memory, executables, and registry is recorded and compared to the previous snapshot. The changes are analyzed to determine if the visited site installed any malware onto the client honeypot computer.[1][2]

HoneyMonkey is based on the honeypot concept, with the difference that it actively seeks websites that try to exploit it. The term was coined by Microsoft Research in 2005. With honeymonkeys it is possible to find open security holes that are not yet publicly known but are being exploited by attackers.

  1. ^ Naraine, Ryan (19 May 2005). "Strider HoneyMonkey: Trawling for Windows Exploits". eWeek.
  2. ^ Lemos, Robert (9 August 2005). "Flies swarm around MS Honeymonkey. Project sniffs out malicious code". The Register UK.