
SANS ISC: Sweet Treats from the Honeynet group. SANS ISC InfoSec Forums

Sweet Treats from the Honeynet group.
The Honeynet Project and Research Alliance are pleased to announce the
release of mwcollect v3.0.0 on http://www.mwcollect.org/ .

Mwcollect is a distributed malware collector network. A mwcollect network is composed of 1 or more mwcollectd sensors, an optional database to store collected binaries, and optional redirect servers that send specific ports towards the mwcollectd sensors. Mwcollectd sensors simulate vulnerable services to spreading malware, so that the malware tries to exploit these services. The mwcollectd daemon then parses the exploit packets, searches them for the shellcode, interprets the shellcode, and then takes further actions to download the malware. The malware can then be submitted into a database or stored on the local filesystem. The redirect servers act as NATted gateways that forward specific ports to the mwcollectd servers. This provides greater IP address space coverage with fewer full-blown mwcollectd servers.

What's new?
The core has been completely rewritten. It is now even more modularized
and has proven to be very stable. Integration of libCURL for http/ftp
downloads is now threaded and therefore does not result in an increased
CPU usage. Mwcollect v3.0.0 is much more suited for future extensions
and is the important step from the proof of concept that v2.x.x was to a
real mature product. Mwcollect is now licensed under the GPL, (c) by
Honeynet Project.

Obtaining mwcollect
You can download a compressed .tar.bz2 source package from
http://download.mwcollect.org/ .

donald

206 Posts
ISC Handler
Oct 30th 2005
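The collection pipeline described in the announcement (parse the captured packet, find where the malware would be downloaded from, store the binary) can be sketched from the analyst's side. This is an added example, not mwcollect code: the single-byte XOR encoding, the function names, the SHA-256 file naming and the sample payloads are all assumptions made for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# http and ftp are the download schemes the announcement mentions (libcurl).
URL_RE = re.compile(rb"(?:http|ftp)://[\x21-\x7e]{4,200}")


def xor(data: bytes, key: int) -> bytes:
    """Apply a single-byte XOR (assumed encoding, chosen for illustration)."""
    return bytes(b ^ key for b in data)


def find_download_urls(payload: bytes) -> list[tuple[int, str]]:
    """Return (xor_key, url) pairs recovered from a captured payload.

    Key 0 means the URL was in the clear; any other key means it only
    became visible after undoing a single-byte XOR with that key.
    """
    hits = []
    for key in range(256):
        decoded = xor(payload, key) if key else payload
        hits += [(key, m.group().decode("ascii")) for m in URL_RE.finditer(decoded)]
    return hits


def store_sample(data: bytes, store_dir: Path) -> tuple[Path, bool]:
    """Write a collected binary under its SHA-256 name; report whether it is new."""
    store_dir.mkdir(parents=True, exist_ok=True)
    path = store_dir / (hashlib.sha256(data).hexdigest() + ".bin")
    is_new = not path.exists()
    if is_new:
        path.write_bytes(data)
    return path, is_new


# Constructed sample payloads (documentation-range addresses, no real malware).
PLAIN = b"\x90" * 8 + b"ftp://192.0.2.10/x.bin\x00"
ENCODED = b"\x90" * 16 + xor(b"http://198.51.100.7/a.exe\x00", 0x5A) + b"\xcc" * 4

if __name__ == "__main__":
    for name, payload in (("plain", PLAIN), ("encoded", ENCODED)):
        print(name, find_download_urls(payload))
    with tempfile.TemporaryDirectory() as tmp:
        blob = b"MZ constructed placeholder, not a real binary"
        print(store_sample(blob, Path(tmp)))
        print(store_sample(blob, Path(tmp)))  # same hash, not stored twice
```

Naming stored files by content hash means a sample seen by several sensors is kept once, which matters when redirect servers widen the address space feeding a small number of collectors.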
