
Honey I shrunk the threats!


By Joaquim P. Menezes

It’s called “HoneyJax” and no, it isn’t another donut brand.

It’s a set of apps meant to minimize and foil Web 2.0 threats - so says the release on my desk.

The modus operandi: emulate user behavior within social networking apps to uncover threats before they spread.

In other words, attract hackers and malicious code before neutralizing them - or "bait (hence the honey) and then exterminate." 



HoneyJax has been developed by Web security software vendor Websense and apparently relies on the same strategy used by other Websense “honey-based systems”, such as Honeypots and Honeyclients. 

HoneyJax – and similar technologies from other vendors – remind us that Web 2.0 tools and sites present some very real dangers.  

They expose companies to serious security risks, even as they enable incredible benefits. 

What’s more, traditional approaches (collecting virus samples, developing patterns, and quickly distributing these to users) don’t work very well in countering these Web threats. There are two main reasons for that:



  • Many of these are targeted attacks, spanning many variants, so collecting samples is almost impossible.

  • Attacks are launched via multiple vehicles (e.g., spam, instant messaging, and Web sites), rendering the traditional sample collection and pattern creation process insufficient.


Experts who have studied the problem suggest an approach that uses multiple layers and many types of protection.  

They also recommend a feedback mechanism, by which information gathered in one portion of the protection system is used to update information in other layers. 

The good news is the industry has woken up early to these threats. 

How?

During my interview with her a couple of months ago, TrendMicro CEO Eva Chen cited examples of technology her company has developed to help end users stay ahead of the game.   

After discussing how online criminals hack into well known social networking sites, and use pages on these sites to disseminate viruses and other types of malware, Chen noted that “two can play the same game.” 

As an example of how social networking tools can be used to fight online crime, she cited HijackThis!, the tool from the company of the same name that TrendMicro acquired earlier this year.

HijackThis is a free utility that quickly scans the user's Windows computer to find settings that may have been changed by spyware, malware or other unwanted programs. The tool creates a report, or log file, with the results of the scan. Chen said TrendMicro bought HijackThis not just to gain access to this software. "Rather, we wanted to gain access to this entire community of users – users that help one another defeat security threats."

This "communitarian spirit", she said, was clearly evident when HijackThis! was released under the TrendMicro label. "We added just one additional feature: Collect the Log." On the very first day, Chen said, TrendMicro received 2,000 logs from customers, and that number continued to mount over the weeks. "We used these logs for data mining, [and this helped us] understand the latest attacks and develop antidotes – rules that would identify and counter the new species of bots."

She said a free TrendMicro anti-botnet service, codenamed "Are you being botted?", is being developed based on this feedback.


