This post is closely related to the previous one, Malware Hunting.
As mentioned there, automated collection technology, such as generic malware collectors and honeypots, is badly needed.
In computer terminology, a honeypot is a trap set to detect, deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data or a network site that appears to be part of a network but which is actually isolated, (un)protected and monitored, and which seems to contain information or a resource that would be of value to attackers. A honeypot that masquerades as an open proxy is known as a sugarcane.
It is necessary to distinguish between the various kinds of honeypots, but here we are interested in the malware collectors:

- MultiPot: the simplest and smallest honeypot.
- Argos: a full and secure system emulator designed for use in honeypots. It is based on Qemu, an open source emulator that uses dynamic translation to achieve a fairly good emulation speed.
- Honeyd: a small daemon that creates virtual hosts on a network. The hosts can be configured to run arbitrary services, and their personality can be adapted so that they appear to be running certain operating systems.
- HoneyBOT: a Windows based medium interaction honeypot. It has good support for capturing malicious uploads, so it can be used for malware collection.
There are also many honeypot projects developed by various organizations that refer to one common umbrella project, the HoneyNet Alliance.
In my experience the most flexible and powerful honeypot framework is Honeyd: it can be used in different areas of system security, such as network decoys and, the most interesting for me, detecting and collecting worms.
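To show what "arbitrary services" and "personality" mean in practice for the Honeyd template described above, here is a small added Honeyd configuration (written for this post, not taken from the Honeyd project). The personality string must match an entry in the nmap.prints file shipped with Honeyd, the 192.168.1.0/24 addresses are constructed, and the `scripts/web.sh` and `scripts/smb-capture.sh` paths are hypothetical service emulators that log what a connecting worm sends.

```honeyd
# Template for a fake Windows host that a scanning worm will find attractive.
create windows
# OS fingerprint presented to nmap-style scanners (must exist in nmap.prints).
set windows personality "Microsoft Windows XP Professional SP1"
# Unlisted ports answer with RST so the decoy looks like a real, mostly closed host.
set windows default tcp action reset
set windows default udp action reset
set windows default icmp action open
set windows uptime 3284460
# Emulated services: the script receives the connection on stdin/stdout and
# can save whatever payload the attacker delivers (hypothetical script paths).
add windows tcp port 80  "sh scripts/web.sh $ipsrc $sport $ipdst $dport"
add windows tcp port 445 "sh scripts/smb-capture.sh $ipsrc $sport $ipdst $dport"
# A simply "open" port: the TCP handshake completes, nothing is emulated.
add windows tcp port 135 open
# Bind the template to unused addresses in the monitored range (constructed).
bind 192.168.1.201 windows
bind 192.168.1.202 windows
```

Run it against the decoy range with `honeyd -d -f honeyd.conf -l honeyd.log 192.168.1.0/24`; the connection log plus the payloads saved by the service scripts are the raw material for the worm collection mentioned above.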