Like flypaper for malware..
The diary over at the SANS Institute mentioned an interesting program today. Nepenthes is a program that can simulate a vulnerability so that it can collect samples of malware trying to exploit that vulnerability.
They “simulate” a vulnerable system in the sense that on the network it responds to network requests the way a vulnerable computer would and then when the virus transmit it copies and archives the bad bug. The Nepenthes server then scans and submits the file to clamav so that the antivirus program can improve its detection database.
It would seem that something like this might be worth running on a large network. Let’s say you have a network of 100 pcs, this could give you an idea of when an outbreak begins and where it originates. It’s an interesting idea.