This looks like rather a nice tool if you’re curious as to what the black hats are up to at the moment – mwcollect simulates an insecure system and, when attacked, works out whether the exploit is trying to download some remote code and obligingly fetches it for you and quarrantines it for later inspection.
Or at least that’s what it says on the site, I’m blogging this as a bookmark so I can have a play at some point..