MalwareMustDie explained

MalwareMustDie
Abbreviation: MMD
Region: Global
Headquarters: Japan, Germany, France, United States
Membership: < 100

MalwareMustDie (MMD), an NPO,[1][2] is a whitehat security research workgroup launched in August 2012. It is a registered nonprofit organization that serves as a medium through which IT professionals and security researchers organize a workflow for reducing malware infection on the internet. The group is known for its malware analysis blog[3] and maintains a list[4] of the Linux malware research and botnet analyses it has completed. The team shares information about malware in general and advocates for better detection of Linux malware.[5]

MalwareMustDie is also known for its original analysis of newly emerged malware and botnets, for sharing the malware source code it has found[6] with law enforcement and the security industry, for operations to dismantle malicious infrastructure,[7][8] for technical analysis of specific malware's infection methods, and for reports on emerging cybercrime toolkits.

Several notable internet threats that were first discovered and announced by MalwareMustDie are:

MalwareMustDie has also been active in vulnerability analysis of client-side attack vectors. For example, its work on Adobe Flash (the LadyBoyle SWF exploit)[56][57] and on other undisclosed Adobe vulnerabilities in 2014 received Security Acknowledgments for Independent Security Researchers from Adobe.[58] Another piece of vulnerability research by the team was the reverse engineering of a proof of concept for a backdoor in one brand of Android phone, which was later found to affect 2 billion devices.[59]

The team's recent activity can still be seen in several noted threat disclosures, for example the "FHAPPI" state-sponsored malware attack,[60] the discovery of the first ARC processor malware,[61][62][63] and the "Strudel" threat analysis (a credential-stealing scheme).[64] The team continues to post new Linux malware research on Twitter and its subreddit.

MalwareMustDie compares its mission to the Crusades, emphasizing the importance of fighting online threats out of a sense of moral duty. Many people have joined the group because they want to help the community by contributing to this effort.[65]

Notes and References

  1. Jörg Thoma. "Nachts nehmen wir Malware-Seiten hoch". March 3, 2013. Retrieved 3 March 2013.
  2. Darren Pauli. "The rise of the whitehats". IT News. September 12, 2013. Retrieved 12 September 2013.
  3. "MalwareMustDie! · MMD Malware Research Blog". blog.malwaremustdie.org.
  4. unixfreaxjp. "Linux Malware Research List Updated". MalwareMustDie. November 22, 2016. Retrieved 22 November 2016.
  5. Emiliano Martinez. "virustotal += Detailed ELF information". November 11, 2014. Retrieved 11 November 2014.
  6. Ram Kumar. "Ransomware, IRC Worm, Zeus, Botnets source codes shared in Germany Torrent". E Hacking News. June 4, 2013. Retrieved 4 June 2013.
  7. Catalin Cimpanu. "Ukrainian Group May Be Behind New DELoader Malware". June 24, 2016. Retrieved 24 June 2016.
  8. UnderNews Actu. "Malware Must Die : Operation Tango Down - sur des sites russes malveillants". undernews.fr. July 27, 2013. Retrieved 27 July 2013.
  9. Dan Goodin. "Researchers warn of new, meaner ransomware with unbreakable crypto". January 7, 2014. Retrieved 7 January 2014.
  10. Ionut Ilascu. "Mayhem Botnet Relies on Shellshock Exploit to Expand". October 10, 2014. Retrieved 10 October 2014.
  11. Michael Mimoso. "Shellshock Exploits Spreading Mayhem Botnet Malware". Threat Post. October 9, 2014. Retrieved 9 October 2014.
  12. Michael Mimoso. "Kelihos Relying on CBL Blacklists to Evaluate New Bots". Threat Post. August 28, 2013. Retrieved 28 August 2013.
  13. Eduard Kovacs. "Second Version of Hlux/Kelihos Botnet". November 13, 2013. Retrieved 13 November 2013.
  14. Ionut Ilascu. "Infections with ZeusVM Banking Malware Expected to Spike As Building Kit Is Leaked". July 6, 2015. Retrieved 6 July 2015.
  15. Info Security Magazine. "Darkleech infects 20,000 websites in just a few weeks". www.infosecurity-magazine.com. April 5, 2013. Retrieved 5 April 2013.
  16. Brian Prince. "CookieBomb Attacks Compromise Legitimate Sites". www.securityweek.com. August 19, 2013. Retrieved 19 August 2013.
  17. njccic. "Mirai Botnet". The New Jersey Cybersecurity and Communications Integration Cell (NJCCIC). December 28, 2016. Retrieved 28 December 2016.
  18. Odisseus. "Linux/Mirai ELF, when malware is recycled could be still dangerous". www.securityaffairs.co. September 5, 2016. Retrieved 5 September 2016.
  19. Allan Tan. "Bots-powered DDOS looms large over Asia's banks". www.enterpriseinnovation.net. December 12, 2014. Retrieved 12 December 2014.
  20. Johannes B. Ullrich, Ph.D. "The Short Life of a Vulnerable DVR Connected to the Internet". www.isc.sans.edu. October 3, 2016. Retrieved 3 October 2016.
  21. Catalin Cimpanu. "LuaBot Is the First DDoS Malware Coded in Lua Targeting Linux Platforms". September 5, 2016. Retrieved 5 September 2016.
  22. Catalin Cimpanu. "LuaBot Author Says His Malware Is "Not Harmful"". September 17, 2016. Retrieved 17 September 2016.
  23. David Bisson. "NyaDrop exploiting Internet of Things insecurity to infect Linux devices with malware". October 17, 2016. Retrieved 17 October 2016.
  24. Catalin Cimpanu. "A New Linux Trojan Called NyaDrop Threatens the IoT Landscape". October 14, 2016. Retrieved 14 October 2016.
  25. Charlie Osborne. "Hackers release new malware into the wild for Mirai botnet successor". November 1, 2016. Retrieved 1 November 2016.
  26. Ken Briodagh. "Security Blogger Identifies Next IoT Vulnerability, This Time on Linux OS". www.iotevolutionworld.com. November 1, 2016. Retrieved 1 November 2016.
  27. John Leyden. "A successor to Mirai? Newly discovered malware aims to create fresh IoT botnet". October 31, 2016. Retrieved 31 October 2016.
  28. Liam Tung. "First attacks using shellshock Bash bug discovered". September 25, 2014. Retrieved 25 September 2014.
  29. John Leyden. "Use home networking kit? DDoS bot is BACK... and it has EVOLVED". September 9, 2014. Retrieved 9 September 2014.
  30. Pierluigi Paganini. "Linux.PNScan Trojan is back to compromise routers and install backdoors". securityaffairs.co. August 25, 2016. Retrieved 25 August 2016.
  31. SecurityWeek News. "Linux Trojan Brute Forces Routers to Install Backdoors". www.securityweek.com. August 24, 2016. Retrieved 24 August 2016.
  32. Catalin Cimpanu. "PNScan Linux Trojan Resurfaces with New Attacks Targeting Routers in India". August 25, 2016. Retrieved 25 August 2016.
  33. John Leyden. "Infosec miscreants are peddling malware that will KO your router". March 30, 2016. Retrieved 30 March 2016.
  34. Steve Ragan. "Linux Mint hacked: Compromised data up for sale, ISO downloads backdoored (with Kaiten)". February 22, 2016. Retrieved 22 February 2016.
  35. Ionut Ilascu. "Group Uses over 300,000 Unique Passwords in SSH Log-In Brute-Force Attacks". April 9, 2015. Retrieved 9 April 2015.
  36. Lucian Constantin. "Sneaky Linux malware comes with sophisticated custom-built rootkit". February 6, 2015. Retrieved 6 February 2015.
  37. Liam Tung. "Linux-powered botnet generates giant denial-of-service attacks". September 30, 2015. Retrieved 30 September 2015.
  38. Jörg Thoma. "DDoS-Malware auf Linux-Servern entdeckt". September 4, 2014. Retrieved 4 September 2014.
  39. Catalin Cimpanu. "Windows and Linux Malware Linked to Chinese DDoS Tool". January 6, 2016. Retrieved 6 January 2016.
  40. Emerging Threat. "Proofpoint Emerging Threat Daily Ruleset Update Summary 2015/06/25". June 25, 2014. Retrieved 25 June 2015.
  41. Pierluigi Paganini, Odisseus and Unixfreaxjp. "Exclusive – MalwareMustDie Team analyzed the Cayosin Botnet and its criminal ecosystem". www.securityaffairs.co. February 9, 2019. Retrieved February 9, 2019.
  42. Paul Scott. "Tragedy strikes! Cayosin Botnet combines Qbot and Mirai to cause Erradic behavior". perchsecurity.com. February 3, 2019. Retrieved February 3, 2019.
  43. Curtis Franklin Jr. "New Botnet Shows Evolution of Tech and Criminal Culture". www.darkreading.com. February 4, 2019. Retrieved February 4, 2019.
  44. Pierluigi Paganini, Odisseus. "BREAKING: new update about DDoS'er Linux/DDoSMan ELF malware based on Elknot". www.securityaffairs.co. April 2, 2019. Retrieved April 2, 2019.
  45. Cyware. "New Linux/DDosMan threat emerged from an evolution of the older Elknot". www.cyware.com. April 1, 2019. Retrieved April 1, 2019.
  46. SOC Prime. "Chinese ELF Prepares New DDoS Attacks". www.socprime.com. April 1, 2019. Retrieved April 1, 2019.
  47. Pierluigi Paganini. "Analysis of a new IoT malware dubbed Linux/AirDropBot". Security Affairs. September 30, 2019. Retrieved September 30, 2019.
  48. Adm1n. "IoT Malware Linux/AirDropBot – What Found Out". October 10, 2019. Retrieved October 10, 2019.
  49. MalBot. "Linux AirDropBot Samles". Malware News. October 1, 2019. Retrieved October 1, 2019.
  50. Brittany Day. "Linux Malware: The Truth About This Growing Threat". Linux Security. April 3, 2020. Retrieved April 3, 2020.
  51. Pierluigi Paganini. "Fbot re-emerged, the backstage". Security Affairs. February 26, 2020. Retrieved February 26, 2020.
  52. Patrice Auffret. "Analyzing Mirai-FBot infected devices found by MalwareMustDie". ONYPHE - Your Internet SIEM. March 4, 2020. Retrieved March 4, 2020.
  53. Silviu Stahie. "New Kaiji Botnet Malware Targets IoT, But 'New' Doesn't Mean 'Undetectable'". Security Boulevard. May 7, 2020. Retrieved May 7, 2020.
  54. Carlton Peterson. "Researchers Find New Kaiji Botnet Targeting IoT, Linux Devices". Semi Conductors Industry. May 6, 2020. Retrieved May 7, 2020.
  55. Catalin Cimpanu. "New Kaiji malware targets IoT devices via SSH brute-force attacks". ZDNet. May 5, 2020. Retrieved May 7, 2020.
  56. Boris Ryutin, Juan Vazquez. "Adobe Flash Player Regular Expression Heap Overflow CVE-2013-0634". July 17, 2013. Retrieved 17 July 2013.
  57. WoW on Zataz.com. "Gondad Exploit Pack Add Flash CVE-2013-0634 Support". Eric Romang Blog at zataz.com. February 10, 2013. Retrieved 10 February 2013.
  58. Adobe team. "Adobe.com Security Acknowledgments (2014)". February 1, 2014. Retrieved 1 February 2014.
  59. Jeremy Kirk. "More Dodgy Firmware Found on Android Devices". www.bankinfosecurity.com. November 21, 2016. Retrieved 21 November 2015.
  60. Pierluigi Paganini. "Dirty Political Spying Attempt behind the FHAPPI Campaign". securityaffairs.co. March 21, 2017. Retrieved 21 March 2017.
  61. Mrs. Smith. "Mirai Okiru: New DDoS botnet targets ARC-based IoT devices". January 15, 2018. Retrieved 15 January 2018.
  62. Mohit Kumar. "New Mirai Okiru Botnet targets devices running widely-used ARC Processors". January 15, 2018. Retrieved 15 January 2018.
  63. John Leyden. "New Mirai botnet species 'Okiru' hunts for ARC-based kit". January 16, 2018. Retrieved 16 January 2018.
  64. Francesco Bussoletti. "Cybercrime launched a mass credential harvesting process, leveraging an IoT botnet". www.difesaesicurezza.com. February 11, 2019. Retrieved 11 February 2019.
  65. Taylor, Laura (2017). "Fight Back Against Cybercrime". SSRN Electronic Journal. doi:10.2139/ssrn.3532785. ISSN 1556-5068.