MalwareMustDie
Whitehat security research workgroup / From Wikipedia, the free encyclopedia
MalwareMustDie, NPO[1][2] is a whitehat security research workgroup launched in August 2012. MalwareMustDie is a registered nonprofit organization that serves as a medium for IT professionals and security researchers to organize a workflow for reducing malware infections on the internet. The group is known for its malware analysis blog.[3] It maintains a list[4] of the Linux malware research and botnet analyses it has completed. The team communicates information about malware in general and advocates for better detection of Linux malware.[5]
| MalwareMustDie logo | |
|---|---|
| Abbreviation | MMD |
| Formation | August 28, 2012 (2012-08-28) |
| Headquarters | Japan, Germany, France, United States |
| Region | Global |
| Membership | < 100 |
| Website | www |
MalwareMustDie is also known for its original analyses of newly emerged malware and botnets, for sharing malware source code it has recovered[6] with law enforcement and the security industry, for operations to dismantle malicious infrastructure,[7][8] for technical analyses of specific malware's infection methods, and for reports on newly emerged cybercrime toolkits.
Notable internet threats first discovered and announced by MalwareMustDie include:
- Prison Locker[9] (ransomware)
- Mayhem[10][11] (Linux botnet)
- Kelihos botnet v2[12][13]
- ZeusVM[14]
- Darkleech botnet analysis[15]
- KINS (Crime Toolkit)
- Cookie Bomb[16] (malicious PHP traffic redirection)
- Mirai[17][18][19][20]
- LuaBot[21][22]
- NyaDrop[23][24]
- NewAidra or IRCTelnet[25][26][27]
- Torlus (aka Gafgyt/Lizkebab/Bashdoor/Qbot/BASHLITE)[28]
- LightAidra[29]
- PNScan[30][31][32]
- STD Bot
- Kaiten[33][34] botnets (Linux DDoS or malicious-proxy botnet malware)
- ChinaZ (China DDoS Trojan)
- Xor DDoS[35][36][37] (China DDoS Trojan)
- IpTablesx[38] (China DDoS Trojan)
- DDoSTF[39] (China DDoS Trojan)
- DESDownloader[40] (China DDoS Trojan)
- Cayosin DDoS botnet[41][42][43]
- DDoSMan[44][45][46] (China DDoS Trojan)
- AirDropBot DDoS botnet[47][48][49]
- Mirai FBot DDoS botnet[50][51][52]
- Kaiji IoT DDoS/bruter botnet[53][54][55]
MalwareMustDie has also been active in analyzing vulnerabilities exploited by client-side threat vectors. For example, its work on Adobe Flash CVE-2013-0634 (the LadyBoyle SWF exploit)[56][57] and on other undisclosed Adobe vulnerabilities in 2014 received Security Acknowledgments for Independent Security Researchers from Adobe.[58] The team also reverse-engineered a proof of concept for a backdoor (CVE-2016-6564) in one brand of Android phone, which was later found to affect 2 billion devices.[59]
The team's recent activity can be seen in several noted threat disclosures, for example the "FHAPPI" state-sponsored malware attack,[60] the discovery of the first malware targeting ARC processors,[61][62][63] and the "Strudel" threat analysis (a credential-stealing scheme).[64] The team continues to post new Linux malware research on Twitter and its subreddit.
MalwareMustDie compares its mission to the Crusades, emphasizing the importance of fighting online threats out of a sense of moral duty. Many people have joined the group because they want to help the community by contributing to this effort.[65]