mapWOC is used for automatic verification of the integrity of websites and the detection of maliciously falsified content.
Risks on websites
Websites are increasingly being used as a conduit for infecting the hosts of their visitors. In most cases the operators did not add the abusive content to their websites themselves. Rather, they are themselves victims of attacks in which the contents of their pages are falsified. Usually this involves only a small iframe element that was inserted into the operator's database. When new content is generated, the iframe is added to the pages unnoticed.
When such a page is displayed, content from a second (usually untrusted) server is loaded. This content is malicious and infects the computer through a vulnerability in the web browser. The full process is also known as a drive-by download.
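A simplified static version of this integrity check, as an added example that is not mapWOC's code: it lists the iframes in a page that load from a host other than the site's own and marks the ones sized or styled to be invisible. The URLs, the sample page and the `allowed_hosts` parameter are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample: one same-site iframe, one known embed, one injected iframe.
SAMPLE_URL = "https://www.example.org/news.html"
SAMPLE_HTML = """<html><body>
<iframe src="/widgets/weather.html" width="300" height="200"></iframe>
<iframe src="https://video.example.net/embed/1" width="560" height="315"></iframe>
<iframe src="//second-server.example/x" width="1" height="1" style="visibility: hidden"></iframe>
</body></html>"""


class IframeCollector(HTMLParser):
    """Collect the attributes of every <iframe> start tag in a page."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            # Valueless attributes arrive as None; normalise them to "".
            self.iframes.append({k: (v or "") for k, v in attrs})


def looks_hidden(attrs):
    """True if the iframe is sized or styled so that a visitor would not see it."""
    style = attrs.get("style", "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        return True
    for dim in ("width", "height"):
        value = attrs.get(dim, "").strip().lower().removesuffix("px")
        if value.isdigit() and int(value) <= 1:
            return True
    return False


def audit_page(page_url, html, allowed_hosts=()):
    """Return one finding per iframe whose content comes from a foreign host."""
    trusted = {urlparse(page_url).hostname, *allowed_hosts}
    parser = IframeCollector()
    parser.feed(html)
    findings = []
    for attrs in parser.iframes:
        # Resolve relative and protocol-relative src values against the page URL.
        src = urljoin(page_url, attrs.get("src", ""))
        host = urlparse(src).hostname
        if host is not None and host not in trusted:
            findings.append({"src": src, "host": host, "hidden": looks_hidden(attrs)})
    return findings
```

Calling `audit_page(SAMPLE_URL, SAMPLE_HTML, allowed_hosts={"video.example.net"})` returns only the invisible iframe pointing at the second server. A static check like this sees only iframes present in the delivered HTML, not ones created by scripts at run time.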
What is mapWOC?
mapWOC is a high-interaction client-side honeypot, or honeyclient. It is a massive automated passive Web Observation Center (mapWOC) for checking website integrity and security:
- massive: comprehensive virtual and native browser systems, usable as a single node or as a highly scalable cluster solution (up to 500,000 URLs per day per node)
- automated: automated surfing of individually defined URL lists and analysis of the network traffic for malicious software
- passive: stays on each URL for a period of time (to await an attack)
mapWOC is supported by the German Federal Office for Information Security (BSI).
mapWOC uses the following free software components:
- Debian Squeeze host system
- KVM for virtualization
- ClamAV for the analysis of malicious software
System state overview
List of available HoneyClients
Overview of available URL lists
Details of a created URL list
Overview of available Scans
Create new Standard Scan
Summary of a created Standard Scan
The redirector distributes URLs to all HoneyClients of a scan
Results of all scans
Result of a selected URL result (PDF found)