Initiative-S
Enterprises and private users register at www.initiative-s.de for the website check. Registration requires only the Internet address to be checked and a valid email address. The submitted information is validated to prevent fraud, after which the security experts begin checking the website for malicious software and other malicious changes. The check is repeated at regular intervals to ensure that the website is clean and remains clean. Several well-known antivirus programs are used alongside our own developments to achieve a high detection rate. The tools used place no more load on the website than a regular visitor does.
HoneyClientDispatcher
The HoneyClientDispatcherV2 (HCDv2) is a client-server application that spreads the load generated by analysing web content with the HoneyUnit and PDF Scrutinizer across multiple worker systems.
HoneyUnit
HoneyUnit uses HtmlUnit to simulate the rendering of HTML documents by different web browsers and Mozilla Rhino to execute the JavaScript embedded in them. During the process, the HoneyUnit simulates user activity (e.g. filling out forms, hovering over and clicking on elements) to make it harder for a page to detect that it is not being rendered by a real browser.
PDF Scrutinizer
“The PDF Scrutinizer is a client honeypot for detecting malicious PDF documents. It was developed using three open-source libraries: Mozilla Rhino, Apache PDFBox, and libemu. It was developed by Fraunhofer FKIE to dynamically analyse the content of a PDF document in order to identify malicious patterns or behaviour in it. It can be used, for example, in conjunction with the HoneyUnit to expand its detection capabilities, allowing a more comprehensive and thus more accurate analysis of malicious websites.
Fraunhofer FKIE provided a working prototype of the PDF Scrutinizer before the start of the ACDC Project but extended it as part of the project. A particular focus for this work was simplifying the integration of the PDF Scrutinizer with the ACDC Solution, which was achieved by adding HPFeeds support, which can be used in conjunction with the ACDC HPFeeds Connector to submit analysis results to the ACDC CCH.”