Malicious code capturing method and system

The invention relates to a malicious code capturing method and system. The method comprises: acquiring email data from various email data sources; analyzing the email data, recording as suspicious files those files that cannot be eliminated according to a set false negative rate, and storing the suspicious files in a suspicious file database; detecting the suspicious files using a malicious code feature database and manual detection; and storing the suspicious files with unusual detection results in a malicious code sample database. The method and system are applicable to related honeypot and honeynet systems, increase the coverage range of captured objects, and improve the capability of capturing malicious code.
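The three stages described above can be sketched as follows. This is an added example, not code from the patent. The per-extension risk table, the rule "eliminate only when estimated risk is at or below the set false negative rate", SHA-256 matching against the feature database, and treating a match as the unusual result are all assumptions, and the sample emails are constructed.

```python
import hashlib
import os
from email.message import EmailMessage

# Assumption: per-extension estimate that a file is malicious, standing in for
# the analysis step, which the abstract does not specify.
RISK_BY_EXT = {".txt": 0.001, ".png": 0.005, ".pdf": 0.05, ".docm": 0.4, ".exe": 0.9}
DEFAULT_RISK = 0.5  # unknown types are never eliminated


def make_email(filename, payload):
    """Build a constructed sample message carrying one attachment."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg


def capture(messages, false_negative_rate, feature_db):
    """Return (suspicious_db, sample_db, manual_queue) as lists of (name, sha256)."""
    suspicious_db, sample_db, manual_queue = [], [], []
    for msg in messages:
        for part in msg.iter_attachments():
            name = part.get_filename() or "unnamed"
            data = part.get_payload(decode=True) or b""
            risk = RISK_BY_EXT.get(os.path.splitext(name.lower())[1], DEFAULT_RISK)
            if risk <= false_negative_rate:
                continue  # eliminated: discarding it stays within the set rate
            record = (name, hashlib.sha256(data).hexdigest())
            suspicious_db.append(record)        # suspicious file database
            if record[1] in feature_db:
                sample_db.append(record)        # malicious code sample database
            else:
                manual_queue.append(record)     # left for manual detection
    return suspicious_db, sample_db, manual_queue


def demo():
    known = b"constructed-known-sample"
    feature_db = {hashlib.sha256(known).hexdigest()}
    mails = [make_email("notes.txt", b"hello"),
             make_email("invoice.docm", b"constructed-unknown-sample"),
             make_email("tool.exe", known)]
    return capture(mails, false_negative_rate=0.01, feature_db=feature_db)


if __name__ == "__main__":
    for label, rows in zip(("suspicious", "samples", "manual"), demo()):
        print(label, [name for name, _ in rows])
```

Lowering the set false negative rate eliminates fewer files, so the suspicious file database and the manual queue grow with it.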