Current development of the DonkeyPot is progressing along at different speeds lately.
I’ve been looking at many different coding examples, from the OCaml code for mldonkey to a lovely little C# app, as I decided that trying to do it all in Perl might not be the best idea.
The first version of the code should be ready for release over the next few months.
Some interesting finds so far from testing have shown that the majority of the types of files that have malware, as deduced by virustotal.com, are for anti-virus ‘patches’. At last check there were over 750k unique files (by MD4) being shared on the eDonkey network.
From the files that I have tested so far I am already seeing some links between existing botnets that are in circulation and those Shadowserver are tracking. This raises some very interesting questions about the propagation methods of these botnets.
Another interesting point is that for the majority of the files that I have collected/tested there is very minimal coverage from the leading anti-virus vendors.