Some Good Reference Websites
|
|
|
About.com Internet/Network Security - http://netsecurity.about.com/index.htm
Featuring articles and web links on Internet and network security for the Unix and Windows platforms. |
|
Common Vulnerabilities and Exposures - http://www.cve.mitre.org/
A searchable database of internet security problems. |
|
Dingbat's Warehouse - http://www.thebyteshow.com/
Information about viruses, intrusion detection software, personal firewalls, and privacy. Hosts a streaming webcast called The Byte Show on security-related topics; CD-ROMs of interviews and software available. |
|
Dutch Security Information Network - http://www.dsinet.org/
Security news and links in English and Dutch. |
|
Firstmonday - Covert Channels in the TCP/IP Protocol Suite - http://www.firstmonday.org/issues/issue2_5/rowland/
Article on how to secretly transmit information using TCP headers. |
|
Google Online Security Blog - http://googleonlinesecurity.blogspot.com/
News and insights from Google on security and safety on the Internet. |
|
Google Online Security Blog - http://feeds.feedburner.com/GoogleOnlineSecurityBlog?format=xml
News and insights from Google on security and safety on the Internet. |
|
Intrusion Detection FAQ - http://www.sans.org/resources/idfaq/
Frequently asked questions about intrusion detection, from the SANS Institute. |
|
ITsafe - http://www.itsafe.gov.uk/
UK government security service to help protect computers, mobile phones and other devices from malicious attack. Offers advice, bulletins, glossary, library and links plus an alerting service. |
|
My online security - http://www.myonlinesecurity.com
Security portal, providing internet security related news, resources, tools and services. |
|
Network Security, Filters and Firewalls - http://www.acm.org/crossroads/xrds2-1/security.html
General introduction to network security issues and solutions in the Internet |
|
Stay Safe Online - http://www.staysafeonline.info/
Tools and resources to empower home users, small businesses, schools and universities to stay safe online. |
|
SuraSoft - http://www.surasoft.com/
Offers news, tutorials, articles, and forum. |
|
W3C Security Resources - http://www.w3.org/Security/
Links to security initiatives such as PICS Signed Labels, and XML-DSig. (W3C) |
|
|
|
Association for Automatic Identification and Mobility - http://www.aimglobal.org
Global trade association for the Automatic Identification and Data Capture (AIDC) industry, representing manufacturers, consultants, system integrators, and users involved in technologies that include barcode, RFID, card technologies, biometrics, RFDC, and their associated industries. |
|
Association for Information Security - http://www.iseca.org/
Non-profit organization aiming to increase public awareness and facilitate collaboration among information security professionals worldwide. Offers security documents repository, training, news and joining information. Headquarters in Sofia, Bulgaria. |
|
Computer Security Institute - http://www.gocsi.com/
Organization for information, computer and network security professionals. Includes details of upcoming events and seminars and monthly newsletter for members. |
|
First - http://www.first.org/
Forum of Incident Response and Security Teams. |
|
Forensic-computing.co.uk - http://www.dcmt.cranfield.ac.uk/dois/cffc
Provides links to organisations involved in one or more aspects of forensic computing. |
|
Information Systems Audit and Control Association - http://www.isaca.org/
Worldwide association of IS professionals dedicated to the audit, control, and security of information systems. Offer CISA qualification and COBIT standards. |
|
IntoIT - http://www.nao.gov.uk/intosai/edp/index_to_intoit.htm
The journal of the INTOSAI EDP Audit Committee. Its main focuses are on information systems auditing, IT performance auditing, and IT support for auditing. |
|
ISSA - International Systems Security Association - http://www.issa.org/
An international non-profit organization of information security professionals and practitioners. It provides education forums, publications and peer interaction opportunities. |
|
North Texas Chapter ISSA - http://issa-northtexas.org/
The Dallas and Fort Worth chapter of the Information Systems Security Association (ISSA). |
|
RCMP Technical Security Branch - http://www.rcmp-grc.gc.ca/tsb/
Canadian organization dedicated to providing federal government clients with a full range of professional physical and information technology security services and police forces with high technology forensic services. |
|
Switch-CERT - http://www.switch.ch/cert/
Swiss CERT-Team from the Swiss research network (Switch). |
|
The Shmoo Group - http://www.shmoo.com/
Privacy, crypto, and security tools and resources with daily news updates. |
|
|
|
0-Day Exploits and Tutorials - http://www.datastronghold.com
DataStronghold.com unveils how exploits and other hacking techniques are performed, in a clear and concise manner. Frequently updated and always interesting. |
|
Canvas Exploit Platform - http://www.immunitysec.com/index.shtml
A commercial exploit platform similar to Metasploit. Has built-in memory-resident shells that are cleared when the machine is rebooted. Perfect for cleaning up after a penetration test. |
|
Ethical Hacking Course - http://www.infosecinstitute.com/courses/ethical_hacking_training.html
Commercial hacker training course on how to write and use exploits. |
|
Exploiting Caller ID - http://www.artofhacking.com/orange.htm
The Software Orange Box is a free proof-of-concept tool which can spoof most forms of North American Caller ID. |
|
FrSIRT Exploits Archive - http://www.frsirt.com/exploits/
Archive of current 0day exploits from European and Asian sources. French and English language content provided. |
|
Fyodor's Exploit World - http://insecure.org/sploits.html
A large and descriptive exploit archive organized by affected operating systems. |
|
Hack A Day - http://www.hackaday.com/
A hardware hack every day. |
|
Ill Mob - http://www.illmob.org/
Home of a number of 0-day exploit authors. Many creative Trojan droppers and methods are released here. |
|
malware.com - http://www.malware.com/
A group that develops as well as discloses software exploits on many of the security mailing lists. Mainly specializing in Microsoft Office and Internet Explorer vulnerabilities. |
|
Metasploit Project - http://metasploit.org
The Metasploit Project is an open source computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development. Its most well-known sub-project is the Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive, and security research. |
|
milw0rm.com - http://www.milw0rm.com
Exploit database separated by exploit type (local, remote, DoS, etc.) |
|
PacketStorm Security - http://www.packetstormsecurity.org/
Packet Storm is a non-profit organization comprising computer security professionals that are dedicated to providing the information necessary to secure the networks world-wide. It publishes new security information on a global network of websites. The organization offers an abundant resource of up-to-date and historical security tools, exploits, and advisories. It provides network security professionals, researchers, and all other interested individuals with the ability to analyze and learn from the tools, processes and mindsets of their opponents, as well as offering the tools needed to build and test defenses against them. |
|
Phenoelit - http://phenoelit.de/fr/tools.html
Custom built network tools designed to take advantage of the exploits within many network hardware systems. Also the home of the k0ld LDAP brute force utility. A must have for many professional penetration testers. |
|
PullThePlug WarGames - http://www.pulltheplug.org/
Place for Programmers and Hackers to hone their technical skills by completing challenging wargames and Programming Challenges. Including Network Programming, Defeating PaX, Buffer/Heap Overflows, Format Strings etc. |
|
Security Focus - http://www.securityfocus.com
Provides security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs. |
|
Security Tracker - http://www.securitytracker.com
Archive of exploits and security advisories |
|
Security-Protocols Exploit News - http://www.security-protocols.com
An up-to-date security and exploit portal that provides commentary on many popular exploits as they develop in the wild. |
|
SecWatch - http://www.secwatch.org
A site dedicated to the latest in security - all the latest and archived exploits and vulnerabilities. |
|
AIM: Getting More than You Bargained For - http://www.esecurityplanet.com/views/article.php/3549656
eSecurityPlanet columnist Ray Everett-Church says AOL's Instant Messenger software gives him more than he bargained for. |
|
Anti-Spyware Coalition - http://www.antispywarecoalition.org
A group dedicated to building a consensus about definitions and best practices in the debate surrounding spyware and other potentially unwanted technologies. |
|
AntiSpy Web - http://www.antispyweb.com/
Anti-spyware software downloads, prevention articles, and live threat alerts. |
|
AntiVirusHelp - http://www.freeantivirushelp.com/
Provides step-by-step anti-spyware and firewall installation instructions intended for novice users. |
|
AnySpyware - http://www.anyspyware.com/
An article database that also includes human HijackThis log analysis. |
|
Ben Edelman - http://www.benedelman.org/
Doctoral student involved in spyware related research and investigations into associated unethical practices. Includes research papers, news, biography and presentations given. |
|
CEXX Org - Counterexploitation - http://www.cexx.org/adware.htm
Detailed descriptions of various spyware, adware, and other parasitic software. Includes instructions for removing many common and not-so-common spyware and adware programs. |
|
Check Processes - http://www.checkprocesses.com/
Online application that scans screenshots of the Windows Task Manager and analyzes listed processes for possible infections. |
|
Complete Computer Security - http://home.nc.rr.com/woodsmall/security.htm
A multitude of links assembled by David Woodsmall to articles and websites pertaining to hacker and threat protection. |
|
Computer Security Advisor - http://www.cosead.com/index.php
A beginner's guide that explains the basics of the levels of intrusion, and tells what to look for in programs which defend against each. |
|
D. Dugan & Company - http://dugancom.com/spyware/
A collection of articles about spyware removal and protection tactics, all of which are written by users. |
|
Database of Spyware Project - http://www.databaseofspyware.com/
Open database provides information on spyware and other malware, along with manual removal instructions. |
|
Destroy Adware - http://www.destroyadware.com/
Provides definitions of common malware terms and tutorials on how to protect against malware. |
|
Doxdesk - http://www.doxdesk.com/
Information on how to prevent infection, lists of reputable and rogue products, database of known parasites and glossary of terms. |
|
Free Internet Security.info - http://www.freeinternetsecurity.info/
News, articles, guides, and information about how to keep computers secure from spyware and adware. |
|
FreeSpywareFixes - http://www.freespywarefixes.com
A collection of articles that pertain to Spyware and Adware, all by different authors. |
|
It Pays To Read License Agreements - http://www.pcpitstop.com/spycheck/eula.asp
Explains that if a person gets spyware and adware on his or her computer, it could be because he or she agreed to it. |
|
MalekTips - http://malektips.com/removing_spyware_and_adware_help_and_tips.html
Software-specific tips provided for several popular antispyware applications. |
|
Malware Help.org - http://www.malwarehelp.org/
News article database featuring articles submitted by users about malicious software threats. |
|
Malwarebytes - http://www.malwarebytes.org/
Service offering removal tools and prevention advice. |
|
McAfee SiteAdvisor Blog - http://blog.siteadvisor.com/
A blog published by the McAfee SiteAdvisor team pertaining to discovered spyware companies and tactics. |
|
Nevyan's Tips and Tricks - http://nevyan.blogspot.com/
Blog with assorted articles on spyware commingled with other computer-related articles. |
|
Pctorium Computer Management - http://www.pctorium.com
A website dedicated to helping users learn about computers and how to fix spyware, adware, viruses, trojans or any other issues you may have. |
|
Process ID - http://www.processid.com/index.html
List of common Windows processes with information on what they are and if they are a threat to a PC. Additionally includes a list of software used to remove spyware and viruses. |
|
ProcessLibrary - http://www.processlibrary.com
Windows processes listed by name; a resource for determining whether a particular process is necessary, superfluous or even harmful. |
|
Security Cadets - http://www.securitycadets.com/
A resource with guides for novice users and news about the spyware field, with a discussion help forum. |
|
SecurityFocus - http://www.securityfocus.com/infocus/1829
Article about spyware keyloggers, how they work, how to remove them and prevention of keystroke capture. |
|
Spy Watchman - http://www.spywatchman.com/
Weblog and news site regarding developments and removal tips. |
|
Spyware Adware Removal - http://www.spywareadwareremoval.co.uk/
A database of spyware-related articles and weblog entries. |
|
Spyware Alert - http://www.spywarenews.org/
An archive of spyware-related news articles. |
|
Spyware Daily - http://www.spywaredaily.com
Spyware news blog with news about the latest threats and news from the industry. |
|
Spyware Killa - http://www.geocities.com/spywarekilla/
Information on harmful programs is provided with instructions on how to remove them from the computer and a list of malicious cookies. |
|
Spyware Removal - http://www.re-quest.net/computers/spyware/index.htm
Information and resources regarding spyware and how to remove it. Get up-to-date information and removal instructions regarding the latest spyware and adware threats. |
|
Spyware Removal Tutorial - http://spyware-removal.digitalcrunch.com
Several articles about how to find, remove and prevent spyware. Includes an optimization tutorial as part of the clean-up process. |
|
Spyware Security - http://www.spywaresecurity.net/
A weblog with news articles pertaining to internet and spyware protection. |
|
Spyware Sucks - http://msmvps.com/blogs/spywaresucks/
News and analysis of emergent malware threats. |
|
Spyware Warrior - http://spywarewarrior.com/
Blog of spyware news developments, testing results for anti-spyware products, details of rogue products and forums providing advice and support for people with spyware infections. |
|
Spyware Warrior - http://netrn.net/spywareblog/
Weblog waging war against spyware. |
|
Spyware's Most Wanted - http://www.removingspywareforfree.com
Instructions for beginners on how to install and use the most common paid and free anti-spyware products. |
|
SpywareInfo - http://www.spywareinfo.com/
Forums offering assistance on spyware removal. Also offer a weekly newsletter, a chat room and an online scan provided by XBlock. |
|
TeMerc Internet Countermeasures - http://temerc.com/
Information on preventative measures, details of the malware community good guys and bad guys, and of specific spyware threats. Includes help forums. |
|
The Art of Noh - http://www.noh.ro/blog/
A weblog on security, spyware, viruses and malware in general by Costin G. Raiu. |
|
The Perfect Computer - http://phoenixspyware.googlepages.com/
Advice for novice users on which free anti-spyware software applications to install on their systems. |
|
Trend Labs Anti-Malware Blog - http://blog.trendmicro.com/
A blog published by Trend Micro reporting on recent malware outbreaks and discovered software exploits. |
|
Unwanted Links - http://www.unwantedlinks.com/intro.htm
Explains the threat of malicious software, how to detect it, and how to remove it. Also discusses who it affects and how it affects them. |
|
Vitalsecurity.org - http://www.vitalsecurity.org/
A blog concerning spyware, malware, and mistakes that several of the big computer companies make. |
|
Webhelper's CWS Diaries - http://webhelper4u.net/whmembers/index.htm
An online diary about the dealings of the companies that publish and distribute spyware and other threats. |
|
What-is-exe Process Database - http://www.what-is-exe.com/
Directory of computer processes, including those associated with spyware applications. |
|
Wikipedia - Spyware - http://en.wikipedia.org/wiki/Spyware
A very detailed look at what spyware is, how it attaches itself to computers, and the common methods of prevention. |
|
|
|
Anti-Trojan Security News - http://anti-trojan.compiac.net/
News and information for protecting from trojans, viruses and other malicious software. |
|
Anti-Trojan Shield - http://www.atshield.com/
Trojan horse detection and removal software. |
|
Anti-trojan.org - http://www.anti-trojan.org
Includes detailed information on trojans, startup methods, and default backdoor ports. |
|
Antiy Labs - http://www.antiy.net/
Ghostbusters tool detects and removes trojans and worms. Package includes security configuration tools. [Windows] |
|
Dark Eclipse Software - http://www.dark-e.com
Trojan removal information, ICQ, and AIM security issues. |
|
Emsi Software GmbH - http://www.emsisoft.com/en/
a² personal, malware scanning and removal software. Product information, support forums and downloads. [Windows] |
|
GFI Software Ltd - http://www.trojanscan.com/
Free online trojan scanner. [Windows, IE5+] |
|
Jammer - http://www.agnitum.com/
Protects you against NetBus, Back Orifice 1.x and BO2K. |
|
LockDown Corp - http://www.lockdowncorp.com/
Hacker eliminator software, monitors for hacker activity, scans and removes trojans. [Windows] |
|
LuoSoft - http://www.luosoft.com/
Iparmor, trojan scanning and removal software. [Windows] |
|
Mischel Internet Security - http://www.misec.net/
TrojanHunter software scans for and removes trojans. Product details, ordering and support forums. [Windows] |
|
MooSoft Development LLC - http://www.moosoft.com/
The Cleaner, malware removal software. Product information, downloads, searchable trojan database. [Windows] |
|
PestPatrol, Inc. - http://www.pestpatrol.com/
Detects and removes hacker tools, DoS attack agents, trojans and spyware. Features white papers, corporate sales, FAQs, and product tour. |
|
Privacy Software Corporation - http://www.nsclean.com/
BOClean, trojan scanning and removal software. Product information and on-line ordering. [Windows] |
|
Purge-it - http://www.purge-it.com/
Generic Trojan Removal Program. |
|
RegRun Security Suite - http://www.greatis.com/security/
Registry monitor offering protection from trojans |
|
Trojan Downloads - http://www.geocities.com/trojan_downloads/
A collection of programs designed to remove trojan-related threats from a home computer and a list of trojans with the ports they affect. |
|
Trojan Guarder - http://www.your-soft.com/
Trojans and virus scanning and removal software. Downloads and ordering. |
|
Trojan-virus.com - http://www.trojan-virus.com/
Reviews of a number of trojan scanning and removal products. |
|
|
|
AskMen.com - How To: Keep Your Computer Virus-Free - http://www.askmen.com/fashion/how_to_60/66_how_to.html
Article with basic advice on virus prevention, and a primer on computer virus terminology. |
|
Burton Systems Software - Virus Avoidance Advice - http://www.burtonsys.com/virus_advice.html
Advice for avoiding and recovering from computer virus infections, mostly for users of Microsoft Windows. Includes links to many free tools and other resources. |
|
BusinessWeek Online - Mydoom's Most Damning Dynamic - http://businessweek.com/technology/content/jan2004/tc20040128_7597_tc047.htm
Points out that Mydoom was so damaging only because so many individual net users were so unprotected despite education efforts that apparently do not have any significant effect on user behavior. |
|
comp.virus Newsgroup FAQs - http://www.faqs.org/faqs/by-newsgroup/comp/comp.virus.html
FAQs from the comp.virus newsgroup |
|
Computer Associates Virus Encyclopedia - http://www3.ca.com/securityadvisor/virusinfo/browse.aspx
Computer Associates alphabetical virus database. Searchable with clear descriptions of common viruses. |
|
Computer Associates Virus Information Center - http://www3.ca.com/securityadvisor/virusinfo/default.aspx
Virus information from makers of eTrust Antivirus (formerly known as InoculateIT). |
|
Computer Virus Myths - http://www.vmyths.com/
The canonical reference for computer virus myths, hoaxes, and urban legends. |
|
Computer Viruses In Unix Networks - http://www.cybersoft.com/whitepapers/papers/print/networks_print.html
Paper which examines in detail the problem of computer viruses as they relate to Unix and Unix-like systems. |
|
davebauer.net - Avoiding Viruses - http://www.davebauer.net/avoiding_viruses.asp
Information to help computer users learn how to protect computers from viruses and hackers. |
|
Doug Muth's Anti-Virus Help Page - http://www.claws-and-paws.com/virus/
Independent site with FAQs, papers, and other antivirus resources. |
|
EICAR test file - http://www.eicar.org/anti_virus_test_file.htm
Provides a standardized test file for signature based virus detection software. This file can be used to verify the correct operation of antivirus software without unnecessary exposure to viruses. |
|
European Institute for Computer Anti-Virus Research (EICAR) - http://www.eicar.org/
Combines universities, industry, media, technical, security, and legal experts from civil and military government and law enforcement as well as privacy protection organizations whose objectives are to unite non-commercial efforts against writing and proliferation of malicious code like computer viruses or Trojan Horses, and against computer crime and fraud. |
|
Examples of Malicious Computer Programs - http://www.rbs2.com/cvirus.htm
Long essay that describes harm done by major computer viruses or worms, and discusses the nonexistent or lenient punishment for the authors or distributors of these malicious programs. |
|
F-Secure Virus Information Centre - http://www.f-secure.com/v-descs/
A searchable database of virus descriptions, from the provider of F-Secure range of anti-virus software. |
|
Fire Antivirus Kit - Virus Information Library - http://www.fireav.com/virusinfo/library/
Provides detailed information on viruses |
|
How Stuff Works: Computer Virus - http://www.howstuffworks.com/virus.htm
Multipart tutorial describes how computer viruses work. |
|
IBM's Antivirus Research - http://researchweb.watson.ibm.com/antivirus/
News and information about virus prevention, the latest in IBM's research, virus alerts, and lists of the latest hoaxes and hype. |
|
Lets have fun with EICAR - http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0307&L=ntbugtraq&F=P&S=&P=1734
Article showing how to test the effectiveness of anti-virus heuristics using modifications of the EICAR test file. |
|
McAfee Virus Information - http://us.mcafee.com/virusInfo/default.asp
Virus alerts, mailing list, and searchable descriptions of common viruses. |
|
OpenAntiVirus Project - http://www.openantivirus.org/
Project aimed at developing open source antivirus software comparable to current commercial offerings. |
|
Panda Software Virus Laboratory - http://www.pandasoftware.com/virus_info/encyclopedia/
Up to date and in-depth descriptions of the most common viruses by Panda Software, makers of Panda Antivirus Platinum. |
|
Personal Home page - Ferrie, Peter - http://pferrie.tripod.com/
Various research papers on computer viruses |
|
Personal Home Page - Gordon, Sarah - http://www.badguys.org/
Various papers on computer viruses, computer security, and ethics. |
|
Personal Home Page - Harrold, Robert - http://www.harrold.org/rfhextra/antivirus.html
Massive collection of antivirus links and news. |
|
Personal Home Page - Szor, Peter - http://www.peterszor.com/
Research papers on computer viruses written by Peter Szor. The site covers Windows viruses and worms and the development of polymorphic and metamorphic viruses. |
|
RAV Virus Encyclopedia - http://www.ravantivirus.com/pages/virus.php
Virus Encyclopedia provided by RAV - Reliable AntiVirus. |
|
Secunia - Virus Information - http://secunia.com/virus_information/
Collects virus information from multiple anti-virus vendors, and the collected information is grouped and indexed. When certain conditions are met virus alerts are generated and can be emailed. |
|
Softpanorama University Skeptical Antivirus page - http://www.softpanorama.org/Antivirus/index.shtml
A skeptical look at anti-virus protection. |
|
Solo Antivirus - Virus encyclopedia - http://www.srnmicro.com/virusinfo/
Contains details about the latest virus alerts and information on widespread viruses. |
|
Sophos Virus Analyses - http://www.sophos.com/virusinfo/analyses/
This Sophos database holds the latest virus names and descriptions. |
|
Symantec AntiVirus Research Center - http://www.symantec.com/security_response/index.jsp
Virus Encyclopedia site maintained by Symantec, makers of the popular Norton AntiVirus product. |
|
Team Anti-Virus - http://www.teamanti-virus.org/
An organization for independent anti-virus researchers to facilitate communication, collaboration, and public education. Publishes and links to many papers written by independent researchers. |
|
The Art Of Noh - http://www.noh.ro/blog/index.rdf
A weblog on computer security, viruses, worms, trojans and other types of malicious software by Costin G. Raiu. |
|
The WildList Organization International - http://www.wildlist.org/
Organization which maintains a list of computer viruses which are still found "in the wild". |
|
Trend Virus Encyclopedia - http://www.trendmicro.com/vinfo/
Trend Micro issues regular advisories regarding new viruses, including a guide to avoiding them in the first place. Site covers the risk factor of the newest viruses, lists the top ten viruses and offers a security alert archive. |
|
Virus Bulletin - http://www.virusbtn.com/
News and technical articles on developments on viruses and anti-virus products. |
|
Virus Hoax - http://www.virushoax.net
Virus Hoax is a website dedicated to providing valuable information about internet and computer security, and a central location for finding out about current threats. |
|
Virus or Hoax? - http://virusall.com/
Created to provide basic information about viruses. Links to major anti-virus companies, public services, software downloads, and updates. |
|
VirusList.com - http://www.viruslist.com
Continuously updated information about new viruses: how they spread and operate, detailed analysis of virus algorithms, and methods to guard against computer viruses. |
|
Windows Startup Tasks - http://www.pacs-portal.co.uk/startup_index.htm
Massive listing of tasks that may be running on a Windows system at startup, including tasks which may be created by viruses, worms, spyware, and trojans |
|
|
|
Anti Trojan Software Reviews - http://www.anti-trojan-software-reviews.com
A survey of trojan remover programs by Tech Support Alert. |
|
eSafe - http://www.aladdin.com/esafe/default.asp
Protection software/hardware that prevents worms and viruses from infecting corporate gateways. |
|
Intrinsic Security - FireBreak AntiWorm - http://intrinsicsecurity.com/
Appliance-based anti-worm product that provides defense against Zero-day worms. Detects and impedes worms without definitions or signatures. |
|
Intrinsic Security FireBreak - http://intrinsicsecurity.com/anti-worm/
Anti-worm software by Intrinsic Security that uses a unique system to detect and impede the progress of worms on a computer network. |
|
Kak removal instructions - http://defoort.free.fr/virus/kak.html
Describes manual removal procedures for the Kak email worm. |
|
|
|
An Evening with Berferd - http://all.net/books/berferd/berferd.html
A hacker is lured, endured, and studied. One of the first examples of a honeypot. First published in 1992. |
|
Anton Chuvakin Honeynet Research and Live Stats - http://www.chuvakin.com/honeynet/
Live honeynet data, papers produced as a result of the honeynet research and other honeypot and honeynet related resources. |
|
Back Officer Friendly - http://www.nfr.com/resource/backOfficer.php
Created to detect when anyone attempts a Back Orifice scan against your computer. Also detects attempted connections to other services, such as Telnet, FTP, SMTP, POP3 and IMAP2. |
|
Basted - http://basted.sourceforge.net/
A program that acts as a honeypot for spammers who use spambots to harvest email addresses from Web sites. |
|
Building a GenII Honeynet Gateway - http://www.honeynet.org.es/papers/honeywall/
This is a short guide to build a GenII Honeynet Gateway, also called a Honeywall, under Linux, broaching the most common problems and providing several solutions and tips. |
|
Capture - https://projects.honeynet.org/capture-hpc
A high interaction client honeypot. A client honeypot is a security technology that allows one to find malicious servers on a network. |
|
Chinese Honeynet Project - http://www.honeynet.org.cn
The Artemis Project (Chinese Honeynet Project). |
|
Client honeypot / honeyclient - http://en.wikipedia.org/wiki/Client_honeypot_/_honeyclient
Wikipedia article on client honeypots. |
|
Deception ToolKit (DTK) - http://all.net/dtk/index.html
A toolkit designed to make it appear to attackers as if the system running DTK has a large number of widely known vulnerabilities. |
|
Deploying and Using Sinkholes - http://www.arbornetworks.com/dmdocuments/Sinkhole_Tutorial_June03.pdf
Configuring and deploying Sink Hole Routers, which are the network equivalent of a honey pot. |
|
fakeAP - http://www.blackalchemy.to/project/fakeap/
Generates thousands of counterfeit 802.11b access points for use as part of a honeypot or to confuse Wardrivers, NetStumblers, Script Kiddies, and other undesirables. |
|
GHH - The "Google Hack" Honeypot - http://ghh.sourceforge.net/
GHH emulates a vulnerable web application by allowing itself to be indexed by search engines. It is hidden from casual page viewers, but is found through the use of a crawler or search engine. |
|
Honeybee - http://www.thomas-apel.de/honeybee/
A tool for semi-automatically creating emulators of network server applications. |
|
Honeyblog - http://honeyblog.org/
A weblog about IT security, honeypots, and honeynets. |
|
HoneyBOT - http://www.atomicsoftwaresolutions.com/honeybot.php
A free Windows-based medium-interaction honeypot solution. |
|
HoneyC Low-Interaction Client Honeypot - https://projects.honeynet.org/honeyc/
A platform-independent low-interaction client honeypot that allows identifying rogue servers on the web. |
|
Honeyclient Development Project - http://www.honeyclient.org/trac
Honeyclient news, downloads, and information. |
|
Honeycomb - http://www.cl.cam.ac.uk/~cpk25/honeycomb/index.html
A system for automated generation of signatures for network intrusion detection systems (NIDSs). |
|
Honeyd - http://www.citi.umich.edu/u/provos/honeyd/
Small daemon that creates virtual hosts on a network (honeypot). Can be used as a virtual honeynet, for network monitoring, or as a spam trap. For *BSD, GNU/Linux, and Solaris. |
|
Honeyd Control Center - http://zope.org/Members/Ioan/HoneydCenter
Honeyd configuration wizard, a SQL Interface, and reports. |
|
HoneyNet Project - http://project.honeynet.org/
A community of organizations actively researching, developing and deploying Honeynets and sharing the lessons learned. |
|
Honeynet Security Console (HSC) - http://www.activeworx.org/
HSC is an analysis tool to view events on your personal honeynet. View and correlate events from Snort, TCPDump, Firewall, Syslog and Sebek logs. |
|
Honeynet.BR - http://www.honeynet.org.br/
Brazilian Honeypots Alliance. Includes tools to summarise honeyd logs, mydoom.pl (a Perl script which emulates the backdoor installed by the Mydoom virus), and an OpenBSD LiveCD Honeypot. |
|
Honeynet.org: Tracking Botnets - http://www.honeynet.org/papers/bots/
Paper on the use of honeynets to learn more about botnets. Covers uses of botnets, how they work and how to track them. |
|
Honeypot + Honeypot = Honeynet - http://www.eweek.com/article2/0,4149,1244323,00.asp
Article discussing the creation of the Honeynet Project. |
|
Honeypots - http://www.honeypots.net/
Information covering intrusion detection and prevention systems, research and production honeypots, and incident handling. Also provides general overview of network security issues. |
|
Honeypots: Monitoring and Forensics Project - http://honeypots.sourceforge.net/
Techniques, tools and resources for conducting Honeypot Research and Forensic Investigation. White papers include monitoring VMware honeypots, apache web server honeypots, and VMware honeypot forensics. |
|
Honeypots: Tracking Hackers - http://www.tracking-hackers.com/
White papers, mailing list and other resources related to honeypots. |
|
Honeypotting with VMware - http://www.seifried.org/security/ids/20020107-honeypot-vmware-basics.html
An article about how to use VMware to produce honeypots to catch system intruders. |
|
Honeypotting: The Complete Documentation - http://l0t3k.org/security/docs/honeypotting/en/
Index of over 75 papers on Honeypots. |
|
Honeywall - https://projects.honeynet.org/honeywall
The Honeywall CDROM is a bootable CD that installs onto a hard drive and comes with all the tools and functionality for you to implement data capture, control and analysis. |
|
Honeywall CDROM - http://www.honeynet.org/tools/cdrom/
A honeynet gateway on a bootable CDROM. |
|
Impost - http://impost.sourceforge.net/
Impost can either act as a honey pot and take orders from a Perl script controlling how it responds and communicates with connecting clients, or it can operate as a packet sniffer and monitor incoming data to a specified destination port supplied by the command-line arguments (pre-release version available). |
|
Installing a Virtual Honeywall using VMware - http://www.honeynet.org.es/papers/vhwall/
This paper explains how to go about configuring VMware to deploy a Honeywall, combining the advantages offered by the Honeywall CDROM and the virtual environments. |
|
KeyFocus - KF Sensor - Honey pot IDS - http://www.keyfocus.net/kfsensor/
A Windows honeypot designed to attract and detect hackers by simulating vulnerable system services and trojans. |
|
Know Your Enemy: GenII Honeynets - http://www.honeynet.org/papers/gen2/
An introduction to second generation honeynets (honeywalls). |
|
Know Your Enemy: Learning more about phishing - http://www.honeynet.org/papers/phishing/details/index.html
A detailed analysis of phishing through compromised web servers. |
|
Know your Enemy: Phishing - http://www.honeynet.org/papers/phishing/
This white paper aims to provide practical information on the practice of phishing and draws on data collected by the German Honeynet Project and UK Honeynet Project. |
|
LaBrea Tarpit - http://labrea.sourceforge.net/
A program that creates a tarpit or, as some have called it, a "sticky honeypot". |
|
Medium Interaction Honeypots - http://www.pixel-house.net/midinthp.pdf
Document outlines the weaknesses of different existing approaches to catch malware – especially bots – and shows how Medium Interaction Honeypots solve these problems. |
|
MicroSolved, Inc. - http://microsolved.com/
Seller of HoneyPoint family of products. |
|
MITRE Honeyclient Project - http://www.honeyclient.org
The first open source client honeypot. |
|
mwcollect - http://www.mwcollect.org
A solution to collect worms and other autonomous spreading malware in a non-native environment like FreeBSD or Linux. Some people consider it a next generation honeypot, however computers running mwcollect cannot actually be infected with the malware. |
|
Nepenthes - http://nepenthes.mwcollect.org/
A low interaction honeypot designed to emulate vulnerabilities worms use to spread, and to capture these worms. |
|
Netbait - http://www.netbaitinc.com
Netbait Commercial Honeypot. |
|
New Zealand Honeynet project - http://www.nz-honeynet.org
Papers and information on honeypots, especially application layer, e.g. PHP applications, from the New Zealand branch of the Honeynet project (http://www.honeynet.org/). |
|
NoAH - http://www.fp6-noah.org/
European Network of Affiliated Honeypots. |
|
Open Proxy Honeypot - http://www.webappsec.org/projects/honeypots/
Web Application Security Consortium Distributed Open Proxy Honeypot Project. |
|
Philippine Honeynet Project, Philippines - http://www.philippinehoneynet.org
Philippine Honeynet Project. Includes transcript of a VMWare Honeynet using Windows XP / Windows 2000 as the base OS. |
|
Project Honey Pot: Distributed Spam Harvester Tracking Network - http://www.projecthoneypot.org/
A free, distributed, open-source project to help website administrators track, stop, and prosecute spam harvesters stealing email addresses from their sites. |
|
SCADA HoneyNet Project - http://scadahoneynet.sourceforge.net/
SCADA HoneyNet Project: Building Honeypots for Industrial Networks (SCADA, DCS, and PLC architectures). |
|
SecurityDocs - Honeypots - http://www.securitydocs.com/Intrusion_Detection/Honeypots
Directory of articles, white papers, and documents on honeypots and other security topics. |
|
SecurityFocus: Problems and Challenges with Honeypots - http://www.securityfocus.com/infocus/1757
Article discussing issues with Honeypot technology, focusing on dealing with the possibility of your Honeypot being detected (and potentially abused) by an attacker. |
|
SecurityFocus: Defeating Honeypots - Network issues, Part 1 - http://www.securityfocus.com/infocus/1803
Article discussing methods hackers use to detect honeypots. |
|
SecurityFocus: Defeating Honeypots: System Issues, Part 1 - http://www.securityfocus.com/infocus/1826
This two-part paper discusses how hackers discover, interact with, and sometimes disable honeypots at the system level and the application layer. |
|
SecurityFocus: Dynamic Honeypots - http://www.securityfocus.com/infocus/1731
Honeypots that dynamically learn your network then deploy virtual honeypots that adapt to your network. |
|
SecurityFocus: Fighting Internet Worms With Honeypots - http://www.securityfocus.com/infocus/1740
This paper evaluates the usefulness of using honeypots to fight Internet worms and perform counterattacks. |
|
SecurityFocus: Fighting Spammers With Honeypots - http://www.securityfocus.com/infocus/1747
This paper evaluates the usefulness of using honeypots to fight spammers. |
|
SecurityFocus: Honeypot Farms - http://www.securityfocus.com/infocus/1720
This article is about deploying and managing honeypots in large, distributed environments through the use of Honeypot Farms. |
|
SecurityFocus: Honeytokens - The Other Honeypot - http://www.securityfocus.com/infocus/1713
This paper discusses honeytokens, honeypots that are not computers, but rather digital entities that are stored in a restricted part of the network. |
|
SecurityFocus: Microsoft looks to "monkeys" to find Web threats - http://www.securityfocus.com/news/11173
Article discussing how Microsoft have developed a series of Windows XP clients, dubbed "honeymonkeys", that crawl the Web finding sites that use unreported vulnerabilities to compromise unsuspecting users. |
|
SecurityFocus: Wireless Honeypots - http://www.securityfocus.com/infocus/1761
Article discussing the use of honeypot technology to combat attacks on wireless networks. |
|
Sombria Honeypot System - http://www.lac.co.jp/business/sns/intelligence/sombria_e.html
A honeypot system and "Honeypot Exchange Program." |
|
SourceForge.net: Project - HoneyView - http://sourceforge.net/projects/honeyview
A tool to analyze honeyd-logfiles of the honeyd-daemon. Generates graphical and textual results from queries against the logfile data. |
|
Spampoison - http://www.spampoison.com/
Website set up to deliver almost infinite numbers of bogus email addresses to email harvesting bots. |
|
Spanish Honeynet Project - http://www.honeynet.org.es
Independent non-profit research organization of security professionals dedicated to information security focused on honeynet technologies. |
|
spank - http://spank.sourceforge.net/
A collection of programs to deploy, run and analyse network and host simulations in IP networks. |
|
SécurIT - http://securit.iquebec.com/
LogIDS, LogAgent, SécurIT Intrusion Detection Toolkit, and ComLog (a cmd.exe wrapper) |
|
Talisker Security Wizardry: Honeypots - http://www.securitywizardry.com/honeypots.htm
Describes different commercial and freeware honeypots. |
|
The Bait and Switch Honeypot System - http://baitnswitch.sourceforge.net/
A system that redirects all hostile traffic from your production systems to a honeypot that is a partial mirror of your production system. Once switched, the would-be hacker is unknowingly attacking your honeypot instead of the real data. |
|
The Portuguese Honeynet Project - http://www.honeynet-pt.org
Information on their honeypot farm using HoneyMole. |
|
The Strider HoneyMonkey Project - http://research.microsoft.com/HoneyMonkey/
Microsoft Research project to detect and analyze Web sites hosting malicious code using client-side honeypots. |
|
The Team Cymru Darknet Project - http://www.cymru.com/Darknet/
A Darknet is a portion of routed, allocated IP space in which no active services or servers seemingly reside. However, it does in fact include at least one server for real-time analysis or post-event network forensics. |
|
thp - Tiny Honeypot - http://www.alpinista.org/thp/
A simple honey pot program based on iptables redirects and an xinetd listener. |
|
UK Honeynet Project - http://www.ukhoneynet.org/
Provides information surrounding security threats and vulnerabilities active in the wild on UK networks. Home of Honeysnap, a tool to analyse Honeywall pcap files and extract summary information. |
|
WebMaven (Buggy Bank) - http://www.mavensecurity.com/webmaven
WebMaven is an intentionally broken web application. It is intended to be used in a safe legal environment (your own host) as a training tool, as a basic benchmark platform to test web application security scanners and as a Honeypot. |
|
|
|
Apache HTTP Server Vulnerability Lists - http://httpd.apache.org/security_report.html
Lists of security problems fixed in released versions of the Apache HTTP Server. |
|
AusCERT - http://www.auscert.org.au
Australian Computer Emergency Response Team. Advisories and tools. |
|
Bugtraq - http://www.securityfocus.com/archive/1
Independent source for security vulnerabilities, alerts, and threats. |
|
CASESContact - tips and tricks - http://casescontact.org/rss_tips.php
CASEScontact is an information security site providing tips and tricks for home users and SMEs (Small and Medium-Sized Enterprises) for FREE (How to protect against threats, vulnerabilities, privacy, encryption, viruses, worms, Trojans, spyware etc.). |
|
CERIAS - http://www.cerias.purdue.edu/
Center for Education and Research in Information Assurance and Security. University center for multidisciplinary research and education in areas of information security. |
|
CERT Coordination Center - http://www.cert.org/
Studies Internet security vulnerabilities, provides incident response services to sites that have been the victims of attack, publishes a variety of security alerts, researches security and survivability in wide-area-networked computing, and develops information to improve site security. |
|
Computer Incident Advisory Capability - http://www.ciac.org/ciac/index.html
CIAC publishes security bulletins and virus and hoax information. They provide computer security assistance to US Department of Energy (DOE) sites. |
|
FrSIRT - http://www.frsirt.com/english/
Provides security advisories and real-time information about vulnerabilities, exploits, and threats. Sponsor of the Common Vulnerability Scoring System (CVSS). |
|
ISS X-Force - http://xforce.iss.net/xforce/alerts
Security alerts, advisories, and alert summaries from ISS. |
|
Linux Security Group - http://www.linux-security.us/
Security Advisories, Anti Hackers, programming books and related links. |
|
Makesecure.com - http://www.makesecure.com
Network security news, alerts and updates |
|
New Zealand Computer Emergency Readiness Team - http://www.nzcert.org.nz
Security Alerts and Advisories |
|
Open Source Vulnerability Database - http://www.osvdb.org/
Searchable database of vulnerabilities. Offers data for download in XML format as well as via website. Details of how to submit new vulnerabilities, database schema and FAQ. |
|
Oracle Security Center - http://www.oracle.com/technology/deploy/security/index.html
Tips, tools, and technologies to keep Oracle products safe, secure, and patched. |
|
Patch Management Forum - http://groups.yahoo.com/group/patchmgmt/
Mailing list facilitates networking and information exchange related to patch management: announcements, testing, verification, operations processes, and vulnerabilities. |
|
PatchAdvisor - http://www.patchadvisor.com
Fee based patch alert service. |
|
PatchEasy - http://www.patcheasy.com/
Software vendor for patch management. |
|
Patchlink Corporation - http://www.patchlink.com
Software vendor for cross platform patch management. |
|
PatchManagement.org - http://www.patchmanagement.org/
Mailing list dedicated to the discussion of patch management. |
|
SANS Internet Storm Center - http://isc.sans.org/
Cooperative cyber threat monitor and alert system. Features daily handler diaries that summarize and analyze new threats and events. |
|
Secunia - http://secunia.com/
Provides security advisories and information about patches, and provides software for vulnerability management. |
|
Secure Elements - http://www.secure-elements.com
Software vendor for IS technical control auditing, vulnerability management, and compliance. Provides advisories via XML and RSS, and fully supports OVAL and XCCDF XML standards for compliance and vulnerability functions. |
|
Secure Elements C5 Alert Feed - http://rm.secure-elements.com/rss/seclabs.xml
Vulnerability and patch alerts |
|
SecurityFocus: Bugtraq - http://www.securityfocus.com/rss/vulnerabilities.xml
Full disclosure computer security vulnerabilities feed. |
|
Symantec DeepSight Threat Management System - http://www.symantec.com/Products/enterprise?c=prodinfo&refId=988
Fee based security alert service that provides early warning of active attacks. |
|
US-CERT - http://www.us-cert.gov/
Established in 2003 to protect the nation's Internet infrastructure, US-CERT coordinates defense against and responses to cyber attacks across the nation. |
|
VulnWatch - http://www.vulnwatch.org/
Computer security vulnerability disclosure mailing list |