A honeymonkey is a computer or a virtual PC that actively mimics the actions of a user surfing the Web. A series of “monkey programs,” which drive a browser in a manner similar to that of a human user, run on virtual machines in order to detect exploit sites. The browsers can be configured to run with fully updated software, or without specific updates in order to look for exploit sites that target specific vulnerabilities. In this manner, the attacks more likely to impact customers can be analyzed and detected.
The Strider HoneyMonkey Exploit Detection System, is a codename for a Microsoft Research project which permits investigators to detect and analyze Web sites hosting malicious code — in particular, code that exploits browser vulnerabilities. At each Web site identified by Strider HoneyMonkey, however, follow-up work is required to identify what kind of exploit exists and how it operates.