Nepenthes and mwcollect are merging into one project. So now instead of two different tools, mwcollect will be retired after the release of version 3.0.4 and focus will shift to Nepenthes with mwcollect.org becoming the community portal. This a good news for Windows network operators because Nepethes is a powerful tool.
Nepenthes works by emulating known vulnerabilities where its downloads any malware that tries to exploit those vulnerabilities.
Current modules for Nepenthes allow it to emulate problems with DCOM, Local Security Authority Service (LSASS), WINS, ASN1, NetBIOS, SQL Server, and a lot more Microsoft services.
You can read more about the restructuring efforts
. And you read about mwcollect and Nepenthes in my article, "
Honeypots That Collect Malware