Microsoft Files Patent for HoneyMonkey Exploit Finder

Written By
Ryan Naraine
Dec 26, 2007

Microsoft has filed a patent claim for the Strider HoneyMonkey malware/exploit detection system created by its internal research unit.

The claim, currently being reviewed at Peer-to-Patent, is a clear signal that the two-year-old research project could soon find itself in a software product coming out of the Redmond, Wash., software vendor.

The HoneyMonkey system, first discussed in August 2005, is best described as an automated Web patrol that uses multiple Windows computers — some unpatched and some fully updated — to streamline the process of finding zero-day Web-based exploits.

When it was first introduced, Microsoft explained how researchers were able to use HoneyMonkeys to find 752 unique URLs (hosted on 287 sites) that were firing drive-by exploits at Internet Explorer users. From those URLs, the system was able to confirm that active exploits were infecting Windows XP machines, including one for a fully patched system running the company’s newly hardened XP SP2 (Service Pack 2).

The entire system consists of a “pipeline of monkey programs” running on VMs (Virtual Machines) with different patch levels in order to detect exploit sites with different capabilities.

The extract from the patent filing explains:

“A network can be explored to investigate exploitive behavior. For example, network sites may be actively explored by a honey monkey system to detect if they are capable of accomplishing exploits, including browser-based exploits, on a machine. Also, the accomplishment of exploits may be detected by tracing events occurring on a machine after visiting a network site and analyzing the traced events for illicit behavior. Alternatively, site redirections between and among uniform resource locators (URLs) may be explored to discover relationships between sites that are visited.”

The USPTO (United States Patent and Trademark Office), in partnership with Peer-to-Patent, has set up a wiki to solicit prior art claims on Microsoft’s invention claim.
