Spam honeypots are an excellent way to gather malware binaries as well as malicious URLs that attackers use to infect their targets. Many malware campaigns are shotgun blasts of emails sent to very large numbers of email addresses. If you can get your bait address on their list, they essentially send you a copy of the malware or the URL that leads to it. This talk will cover how to setup a spam honeypot for gathering these types of threats. It will also cover how to efficiently sort through the data coming in, what data points are valuable to include in your analysis, and finally how and where to share the threat data that you are gathering. The goal is to give one the tools they need to protect themselves from emerging threats as they appear in the wild.
Robert Simmons (Twitter: @MalwareUtkonos) is a Senior Threat Intelligence Researcher for ThreatConnect, Inc. With an expertise in building automated malware analysis systems based on open source tools, he has been tracking malware and phishing attacks and picking them apart for years. Robert has a background in biology, linguistics, and Russian area studies. He has lived extensively in Russia and Ukraine and has been known to swear profusely and constantly in Russian.