Testing and comparing antivirus software requires a supply of malware samples. An efficient way to detect malware is the use of honeypots. Some honeypots passively wait for automated attacks in order to capture the malicious binaries. Other types of honeypots crawl the web and, by being attacked, can identify malicious websites. The goal of this work was to create an efficient, easily manageable and adaptable network of honeypots, distributed worldwide, that automatically collects and handles malware from the web. For this purpose, existing honeypots were investigated and compared extensively. The findings were incorporated into the design of specialized, user-friendly honeynets capable of automatically collecting malware samples and handling both known and unknown (zero-day) attacks. Additionally, an efficient sorting mechanism for large amounts of malware files was developed in order to create useful test sets.
Florian Girtler (born in 1983) studied Computer Science at the University of Innsbruck, where he received his MSc in 2011. He is currently working for AV-Comparatives.