HoneyMap: Visualizing Malware Attacks Across the Globe with the Honeynet Project


The Honeynet Project is making some real waves in the malware community by setting up “sensors” across the Internet (in the fashion of honeypot servers pretending to be possible targets) in order to track the spread and distribution of malware. Now, they’ve taken it a step further with an amazing jQuery-driven visualization web page (named HoneyMap) that shows attack data in real time to interested users.

For more information on the project, visit their blog. This project has appeared on SiliconANGLE previously for assisting with other honeypot servers by adding SQL-injection simulation to servers. SQL injection has become the single most common method by which hackers and malware gain access to databases, and it is so prevalent that it has become a major security concern in DevOps circles for new and current products.

Looking at the HoneyMap product is almost mesmerizing, but it’s really just a very stable (and very simple) visualization of ongoing and current hits on the Honeynet Project honeypot servers:

…a real-time world map which visualizes attacks captured by honeypots of the Honeynet Project. Red markers on the map stand for attacks, yellow markers are sensors (honeypots).

This project is highly experimental and should be considered an ALPHA version. So far, current Chrome and Firefox browsers should work fine. Opera, Safari and Internet Explorer probably won’t work. If you identify bugs or have feature requests, please let us know.

As noted, the project is still in the alpha stage; but it’s an amazing piece of work.

Consider products such as Splunk, used widely for security, or Hadoop to filter through all of the Big Data generated by this project. Malware is essentially the disease and vectors of cyberspace, and fortunately machines are not people: we can set out virtual machines all across the Internet that pretend to get infected in order to capture bugs in the wild or track their spread.

The sensor net set up by the Honeynet Project will provide a great deal of data about the activity of malware.

I also see potential for making mobile-mimicking honeynets to track iOS and Android malware (as we all know, mobile malware is a huge part of the current ecology).

With data collection ventures like the Honeynet Project and a strong sifting through of the Big Data by security researchers and other outfits, we might see a revolution in how we track and prepare for the malware storms of the future. Mobile devices and PCs could make good use of anti-virus companies having access to knowledge of what’s trending so that they can prepare their flu-shots and vaccines early by prototyping and fingerprinting new malware.