Here's a video in which one of the developers shows how it works

Jun 15, 2012 14:43 GMT

The Honeynet Project has released the first public version of a malware honeypot they call Ghost.

The software is able to capture malware that propagates via USB storage devices and the best part is that it doesn’t depend on signatures to perform the task.

“Detection is achieved by emulating a USB flash drive on Windows systems and observing the emulated device. The assumption is that on an infected machine the malware will eventually copy itself to the removable device,” Sebastian Poeplau, a student at Bonn University in Germany and one of the contributors to the project, wrote.

Poeplau first unveiled Ghost at the 2012 Honeynet Project workshop that took place in the San Francisco Bay Area back in March.

In the presentation he made at the time, you can see an example in which he used Ghost to observe how the infamous Conficker malware infected the virtual USB drive.

The team that currently works on the project plans on extending Ghost's reporting capabilities.

The source code, along with instructions on how it can be installed, is available here.