[ISN] Malware Honeypot Projects Merge

InfoSec News isn at c4i.org
Fri Feb 24 01:51:01 EST 2006


http://www.eweek.com/article2/0,1895,1930735,00.asp

By Ryan Naraine 
February 23, 2006 

Looking to streamline the collection of malware samples, two of the
biggest honeypot projects—mwcollect and nepenthes - have merged
operations.

The two projects, which passively trap viruses, spyware and other
forms of malicious software by emulating known vulnerabilities, will
combine operations to develop a single malware collection tool,
according to an announcement my mwcollect head developer Georg
Wicherski.

The merger comes after a year of concurrent development that caused a
lot of overlap and shared work, Wicherski said.

"Mwcollect.org will become a top-level community covering malware
collection efforts, [and] nepenthes will become the official software
used for malware collection and be part of mwcollect.org," he said.

A new mwcollect.org meta-portal will be created to host information
related to malware collection.

Instead of having two tools, mwcollectd will be discontinued after the
current version 3.0.4, and nepenthes will be the official successor,
Wicherski added.

He said the mwcollect Alliance will continue to exist with existing
mwcollect v3.0.3 sensor and nepenthes sensors later on.

"The benefit to the end user is a much more powerful software due to
joined forces, [and] the benefit to the developers is that we need to
spend less time on developing due to shared work," Wicherski added.

Existing nepenthes users won't notice any changes, but researchers
using the mwcollectd tool are urged to make the switch to nepenthes.

Going forward, Wicherski said the project pages will be merged under
one roof ahead of a new nepenthes version.





More information about the ISN mailing list