English | Deutsch
Home » About mapWOC

About mapWOC

mapWOC is used for automatic verification of the integrity of websites and the detection of maliciously falsified content.

Risks on websites

Websites are increasingly being used as a conduit for the infection of the hosts of their visitors. The operators have not even added the abusive content on their websites. Rather, they themselves become victims of attacks in which the contents of their pages are falsified. Usually it involves only a small iframe element that was inserted into the database of the operator. During the generation of new content the iframe is added to the pages unnoticed.

During the presentation of such sites the content of a second (usually untrusted) server is loaded. This content is then malicious and contaminates the computer due to the vulnerability of the web browser. The full process is also known as drive-by download.

What is mapWOC?

mapWOC provides a high-interactive client-side honeypot or honeyclient. It is a massive automated passive Web Observation Center (mapWOC) to check website integrity and security:

  • massive: comprehensive virtual and native browser systems, used as single or highly scalable cluster solution (up to 500,000 URLs per day per node)
  • automated: automated surfing onto individually defined URL lists, analyze network traffic for malicious software
  • passive: stay for period of time on each URL (to await an attack)

mapWOC is supported by the German Federal Office for Information Security (BSI).

Components

mapWOC uses the following free software components:

  • Debian Squeeze host system
  • KVM for virtualization
  • ClamAV for the analysis of malicious software

Functionality

Screenshots

  • System state overview

  • List of available HoneyClients

  • Overview of available URL lists

  • Details of a created URL list

  • Overview of available Scans

  • Create new Standard Scan

  • Summary of a created Standard Scan

  • The redirector distributes URLs to all HoneyClients of a scan

  • Results of all scans

  • Result of a selected URL result (PDF found)