Manual Chapter : Creating malware baits

Applies To:

Show Versions Show Versions

BIG-IP FPS

  • 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.0
Manual Chapter

Creating malware baits

You can create a malware bait if you want the system to identify the malware type that you are defining by means of baits that can attract the malware.
  1. On the Main tab, click
    Security
    Fraud Protection Service
    Anti-Fraud Profiles
    .
    The Anti-Fraud Profiles screen opens.
  2. From the list of profiles, select the relevant profile.
    The Anti-Fraud Profile Properties screen opens.
  3. In the Anti-Fraud Configuration area, click
    Malware Detection
    Malware List
    .
    The list of user-defined malware types is displayed.
  4. In the Malware List, click the malware type on which you want to create malware baits, or click
    Add
    to add a new malware type.
    If you click
    Add
    to add a new malware type, you should first assign a name to the malware type in the General Settings area before proceeding to the next step.
    The Malware Properties screen appears.
  5. In the Malware Configuration area, select
    Baits
    .
    The Baits list appears.
  6. Click
    Add
    .
    A new row is added to the list of malware baits.
  7. In the
    Trigger URL
    field, type a trigger URL that is used to attract the malware.
  8. From the
    Position
    list, select one of the positions for the trigger URL in the query string of the bait file:
    • Any:
      The trigger URL can be anywhere in the query string.
    • Last:
      The trigger URL must be at the end of the query string.
    • Alone:
      The query string must contain only the trigger URL.
  9. In the
    Data Before
    field, type HTML tags that the malware looks for before the malicious injection.
  10. In the
    Data Inject
    field, type the malicious code or script that the malware injects in the HTML of the web page.
  11. Click
    Save
    .
    The malware bait is saved.
If the system detects in the client's web browser that malware has attacked the bait you defined, it generates an alert.