Manual Chapter :
Creating malware baits
Applies To:
Show VersionsBIG-IP FPS
- 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.0
Creating malware baits
You can create a malware bait if you want the system to identify the malware type
that you are defining by means of baits that can attract the malware.
- On the Main tab, click.The Anti-Fraud Profiles screen opens.
- From the list of profiles, select the relevant profile.The Anti-Fraud Profile Properties screen opens.
- In the Anti-Fraud Configuration area, click.The list of user-defined malware types is displayed.
- In the Malware List, click the malware type on which you want to create malware baits, or clickAddto add a new malware type.If you clickAddto add a new malware type, you should first assign a name to the malware type in the General Settings area before proceeding to the next step.The Malware Properties screen appears.
- In the Malware Configuration area, selectBaits.The Baits list appears.
- ClickAdd.A new row is added to the list of malware baits.
- In theTrigger URLfield, type a trigger URL that is used to attract the malware.
- From thePositionlist, select one of the positions for the trigger URL in the query string of the bait file:
- Any:The trigger URL can be anywhere in the query string.
- Last:The trigger URL must be at the end of the query string.
- Alone:The query string must contain only the trigger URL.
- In theData Beforefield, type HTML tags that the malware looks for before the malicious injection.
- In theData Injectfield, type the malicious code or script that the malware injects in the HTML of the web page.
- ClickSave.The malware bait is saved.
If the system detects in the client's web browser that malware has attacked the bait
you defined, it generates an alert.