As of today approximately 4.5 million PCs are running a malware honeypot on their machines with Panda's behavioural-based Host Intrusion Prevention System (aka TruPrevent©). All these high-interaction malware honeypot nodes report to PandaLabs any new malware sample that TruPrevent© flags as malware and which is not detected by regular AV signatures.

The results are pretty interesting. Over 80% of the malware samples received at PandaLabs from our users are now coming from automated submissions from this honeynet. This also means that the number of unique samples received from users at PandaLabs has increased by about 700% over the last two years. It is interesting to note that these are the most interesting samples we are receiving in the Lab as they are real-life samples affecting real users, not private zoo collections that are not actively infecting users.

The following graphs the evolution of how the samples are received at PandaLabs over time since we started deploying the HIPS honeynet to our users in mid-2004. Of course this graph excludes collections submitted by industry sharing and private researchers.

 PandaLabs Unique Samples

Other interesting malware honeypot projects to watch out for are mwcollect and eEye.