Feed

MalNET

Posted on December 20th, 2010 in Domain News by dglosser

From byteninja.net:

MalNET serves as a low interaction HTTP server which responds with a ’200 OK’ for every request. When a malware attempts to retrieve http://bad.malwaredomain.com/som/bad/file.exe, MalNET basically says ‘yep, OK, here it is’ and then does nothing. To make this work you will need to run some sort of blackhole DNS setup in your environment such as the one on offer from malwaredomains.com. Once you have traffic redirected to your MalNET host, you should be able to see what the malware is trying to download.

Comments are closed.