Shelia - Client-side honeypot for attack detection
Shelia is a simple intrusion detection system for the client side. It comes with a client emulator that scans through a mail folder specified on the command line. Typically, this would be the spam folder. Within this folder, the client emulator can follow every URL and open every attachment.
The current release of Shelia is for Windows, was written by Joan Robert Rocaspana, and assumes the presence of the Outlook Express mail reader. A Linux release is considered future work. Note: this is experimental software to deal with malicious code. Use at your own risk. Neither the authors nor the Vrije Universiteit will accept liability for any damage caused by this software.
Shelia monitors the processes and generates alerts when a process attempts to change the registry, create files, or perform specific network operations (a precise description can be found in the documentation, which is currently very much in draft status). A Readme file in this directory explains the command-line options. Shelia may even allow the attack to run until it downloads the malware, which is then captured and stored in a specific directory (not unlike the download of malware offered by projects like Nepenthes).