The early detection of new or modified attacks is an important goal in the internet infrastructure secutiry business. Thereby the detection of newly developed malicious software like viruses, worms and trojan horses plays a significant role.

We have focused on ?capturing? malware, which spreads independently over networks. It allows one to remotely control the victim?s system to abuse it for performing illegal tasks (like sending spam-mails)

We have introduced a system architecture which includes two server systems: One represents a system, which acts as a honeypot with an operation system installed that represents a good target to malware. The other system is positioned before the honeypot and acts as a firewall, which protects the whole system and is used to perform analysis and maintenance tasks. Furthermore, we developed a software to securely detect and analyse any malware activity on the honeypot.