Skip to content


Microsoft’s New Patent – More Worms in Your Honeypot


Newly published Microsoft patent application (publication number 20070289018) has a rather interesting way of outlining the problem of detecting hackers attempting to misuse your system resources:

Various techniques have been developed and used to help detect the presence of such malware; unfortunately, detection of some malware has proved to be difficult. One technique attempts to set a trap, or “honeypot,” to detect the unauthorized use of network resources. For example, unused IP address space, such as a subnet, on the Internet can be set up as one or more honeypots in order to detect Internet worm activity. The computer systems that are set up as the honeypots at these addresses will not be providing any real services other than to record the activities of the invader. These honeypots are designed to wait for and detect unauthorized use of the IP addresses. The theory behind creating honeypots is that a worm that is scanning IP addresses is going to stumble across the honeypot and become detected. However, the effectiveness of such honeypots and similar detection technologies depends, in large part, on the worm blindly attempting to connect to multiple IP addresses. As the creators of these worms become more sophisticated in their methods of acquiring targets, these honeypots are becoming increasingly less successful at detecting these sophisticated worms.

Kudos on the terminology. Who says patent attorneys have no sense of humor? (Easy there . . . don’t make me turn off the comments)

Microsoft’s new system inserts a trap door to a detection system into a resource location store. Monitoring use of the trap door for misuse is under control of the detection system. Upon detecting misuse of the trap door entry, the system responds. The patent application suggests responses such as terminating the software application being hijacked or requesting re-authentication.

Unfortunately, the patent application makes no mention of waterboarding as an appropriate response to hackers caught in the honeypot. Hopefully however, Congress will see its way to allow waterboarding, worm removal or other response suitable for hackers slipping their worms where they should not be.

Brett Trout

Posted in Patent Law. Tagged with , , , , , , .