mwcollect is an easy solution to collect worm-like malware in a non-native environment like FreeBSD or Linux. The first versions were used to collect binaries for botnet monitoring, and bots are still what it is mostly collecting. Some people consider it a next generation honeypot; however, that comparison often leads to the misunderstanding that computers running mwcollect can actually be infected with the malware, which is not the case.
|Operating Systems||POSIX BSD FreeBSD Linux Windows Windows Cygwin|
Release Notes: This release adds a submit-gotek submission module, fixes some bugs in the timeout code, and builds cleanly under FreeBSD.
Release Notes: A vuln-ms0551 module (tcp/1025 MSDTC action; Dasher.A-C) was added. Shell parsing was improved. Fixes were made regarding startup file permissions. Various bugfixes were made. Other changes were done.
Release Notes: This release fixes some minor bugs, adds two shellcode parsers and a new parsing engine for FTP instruction files, and, most importantly, introduces approved Prelude IDS compatibility to mwcollect.
Release Notes: This version is a complete rewrite from the scratch. The network core now supports mulitple (vulnerability) modules per port and is much more mature and stable in general. This release is the step from the proof-of-concept toy to a real mature project.
Release Notes: Some minor usage bugs were fixed. A major DoS security bug in PCRE usage was fixed.