A Preliminary Investigation into Malware Propagation on Australian ISP Networks using the mwcollect Malware Collector Daemon

ABSTRACT

This paper describes an initial investigation into the propagation of malicious software (malware) that allows for remote command and control of Internet connected machines using the Windows platform in the Australian ISP address space. The research as conducted utilised the mwcollect daemon which is a low interaction honeypot on the Linux platform, to collect the details about the activity. The program mwcollect works by emulation of vulnerable services on the target platform in this case Windows based computers. There were two collectors within the pilot collection system. The machines were running no other Internet services such as http or mail, and were not used by any person - they were simply connected to the Internet. The machines are located on two separate ISP networks and they both utilised high-speed ADSL connections connected to different segments of the Australian ISP network.

The malware collected is a variety of known exploits that allow for remote execution of code as well as known and unknown shellcodes that enabled attacks. General results from the initial scoping exercise are given and discussed.


AUTHORS

E-commerce Security and Risk Management, Edith Cowan University
Australia

Craig Valli is a member of the School of MIS at Edith Cowan University where he lectures in E-commerce Security and Risk Management. He is currently completing a DBA and is pursuing a thesis in the area of Network Security. Mr Valli’s professional background is in network and security management. His research interests are in active network monitoring, defensive deception, intrusion detection, social engineering and trust.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

Quick Links

View the latest issue of JIW.

Latest Edition

Purchase a subscription to JIW.

Subscribe

Keywords

A

AI
APT

C

C2
C2S
CDX
CIA
CIP
CPS

D

DNS
DoD
DoS

I

IA
ICS

M

S

SOA

X

XRY

Quill Logo

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

SUBSCRIBE NOW

Get in touch

Registered Agent and Mailing Address

  • Journal of Information Warfare
  •  ArmisteadTEC
  • Dr Leigh Armistead, President
  • 1624 Wakefield Drive
  • Virginia Beach, VA 23455

 757.510.4574

 JIW@ArmisteadTec.com