Sweet Treats from the Honeynet group.

Published: 2005-10-30
Last Updated: 2005-10-30 15:41:19 UTC
by donald smith (Version: 1)
0 comment(s)
The Honeynet Project and Research Alliance are pleased to announce the
release of mwcollect v3.0.0 on http://www.mwcollect.org/ .

Mwcollect is a distributed malware collector network. A mwcollect network is composed of 1 or more mwcollectd sensors; an optional database to store collected binaries and optional redirect servers that send specific ports towards the mwcollectd sensors. Mwcollectd sensors simulate vulnerable services to spreading malware and thus that malware tries to exploit these services. The mwcollectd daemon then parses the exploit packets, searches them for the shellcode, interprets the shellcode, and then takes further actions to download the malware. The malware can then be submitted into a database or stored on the local filesystem. The redirect servers act as NATTed gateways to forward specific ports to the mwcollectd servers. This provides greater IP address space coverage with fewer full-blown mwcollectd servers.

What's new?
The core has been completely rewritten. It is now even more modularized
and has proven to be very stable. Integration of libCURL for http/ftp
downloads is now threaded and therefore does not result in an increased
CPU usage. Mwcollect v3.0.0 is much more suited for future extensions
and is the important step from the proof of concept that v2.x.x was to a
real mature product. Mwcollect is now licensed under the GPL, (c) by
Honeynet Project.

Obtaining mwcollect
You can download a compressed .tar.bz2 source package from
http://download.mwcollect.org/ .

0 comment(s)


Diary Archives