MalwareMustDie

Abbreviation: MMD
Formation: August 28, 2012
Headquarters: Japan, Germany, France, United States
Region: Global
Membership: < 100
Website: www.malwaremustdie.org

MalwareMustDie, NPO,[1][2] is a whitehat security research workgroup launched in August 2012. It is a registered nonprofit organization that serves as a medium for IT professionals and security researchers to gather and form a workflow for reducing malware infection on the internet. The group is known for its malware analysis blog.[3] It maintains a list[4] of the Linux malware research and botnet analyses it has completed. The team communicates information about malware in general and advocates for better detection of Linux malware.[5]

MalwareMustDie is also known for its original analysis of newly emerged malware and botnets, for sharing the malware source code it finds[6] with law enforcement and the security industry, for operations to dismantle malicious infrastructure,[7][8] for technical analysis of specific malware infection methods, and for reports on newly emerged cybercrime toolkits.

Several notable internet threats that were first discovered and announced by MalwareMustDie are:

MalwareMustDie has also been active in analysing the vulnerabilities used by client-side attack vectors. For example, its work on Adobe Flash CVE-2013-0634 (the LadyBoyle SWF exploit)[56][57] and on other undisclosed Adobe vulnerabilities in 2014 received Security Acknowledgments for Independent Security Researchers from Adobe.[58] Another vulnerability researched by the team was a reverse-engineered proof of concept for a backdoor (CVE-2016-6564) in one brand of Android phone, which was later found to affect 2 billion devices.[59]

The team's more recent activity can be seen in several noted threat disclosures, for example the "FHAPPI" state-sponsored malware attack,[60] the discovery of the first malware for the ARC processor,[61][62][63] and the "Strudel" threat analysis (a credential-stealing scheme).[64] The team continues to post new Linux malware research on Twitter and its subreddit.

MalwareMustDie compares its mission to the Crusades, emphasizing the importance of fighting online threats out of a sense of moral duty. Many people have joined the group because they want to help the community by contributing to this effort.[65]

  1. Jorg Thoma (March 3, 2013). "Nachts nehmen wir Malware-Seiten hoch". Golem.de. Retrieved 3 March 2013.
  2. Darren Pauli (September 12, 2013). "The rise of the whitehats". IT News. Retrieved 12 September 2013.
  3. "MalwareMustDie! · MMD Malware Research Blog". blog.malwaremustdie.org.
  4. unixfreaxjp (November 22, 2016). "Linux Malware Research List Updated". MalwareMustDie. Retrieved 22 November 2016.
  5. Emiliano Martinez (November 11, 2014). "virustotal += Detailed ELF information". VirusTotal. Retrieved 11 November 2014.
  6. Ram Kumar (June 4, 2013). "Ransomware, IRC Worm, Zeus, Botnets source codes shared in Germany Torrent". E Hacking News. Retrieved 4 June 2013.
  7. Catalin Cimpanu (June 24, 2016). "Ukrainian Group May Be Behind New DELoader Malware". Softpedia. Retrieved 24 June 2016.
  8. UnderNews Actu (July 27, 2013). "Malware Must Die : Operation Tango Down - sur des sites russes malveillants". undernews.fr. Retrieved 27 July 2013.
  9. Dan Goodin (January 7, 2014). "Researchers warn of new, meaner ransomware with unbreakable crypto". Ars Technica. Retrieved 7 January 2014.
  10. Ionut Ilascu (October 10, 2014). "Mayhem Botnet Relies on Shellshock Exploit to Expand". Softpedia. Retrieved 10 October 2014.
  11. Michael Mimoso (October 9, 2014). "Shellshock Exploits Spreading Mayhem Botnet Malware". Threat Post. Retrieved 9 October 2014.
  12. Michael Mimoso (August 28, 2013). "Kelihos Relying on CBL Blacklists to Evaluate New Bots". Threat Post. Retrieved 28 August 2013.
  13. Eduard Kovacs (November 13, 2013). "Second Version of Hlux/Kelihos Botnet". Softpedia. Retrieved 13 November 2013.
  14. Ionut Ilascu (July 6, 2015). "Infections with ZeusVM Banking Malware Expected to Spike As Building Kit Is Leaked". Softpedia. Retrieved 6 July 2015.
  15. Info Security Magazine (April 5, 2013). "Darkleech infects 20,000 websites in just a few weeks". www.infosecurity-magazine.com. Retrieved 5 April 2013.
  16. Brian Prince (August 19, 2013). "CookieBomb Attacks Compromise Legitimate Sites". www.securityweek.com. Retrieved 19 August 2013.
  17. njccic (December 28, 2016). "Mirai Botnet". The New Jersey Cybersecurity and Communications Integration Cell (NJCCIC). Retrieved 28 December 2016.
  18. Odisseus (September 5, 2016). "Linux/Mirai ELF, when malware is recycled could be still dangerous". www.securityaffairs.co. Retrieved 5 September 2016.
  19. Allan Tan (December 12, 2014). "Bots-powered DDOS looms large over Asia's banks". www.enterpriseinnovation.net. Retrieved 12 December 2014.
  20. Johannes B. Ullrich, Ph.D. (October 3, 2016). "The Short Life of a Vulnerable DVR Connected to the Internet". www.isc.sans.edu. Retrieved 3 October 2016.
  21. Catalin Cimpanu (September 5, 2016). "LuaBot Is the First DDoS Malware Coded in Lua Targeting Linux Platforms". Softpedia. Retrieved 5 September 2016.
  22. Catalin Cimpanu (September 17, 2016). "LuaBot Author Says His Malware Is 'Not Harmful'". Softpedia. Retrieved 17 September 2016.
  23. David Bisson (October 17, 2016). "NyaDrop exploiting Internet of Things insecurity to infect Linux devices with malware". Graham Cluley. Retrieved 17 October 2016.
  24. Catalin Cimpanu (October 14, 2016). "A New Linux Trojan Called NyaDrop Threatens the IoT Landscape". Softpedia. Retrieved 14 October 2016.
  25. Charlie Osborne (November 1, 2016). "Hackers release new malware into the wild for Mirai botnet successor". ZDNet. Retrieved 1 November 2016.
  26. Ken Briodagh (November 1, 2016). "Security Blogger Identifies Next IoT Vulnerability, This Time on Linux OS". www.iotevolutionworld.com. Retrieved 1 November 2016.
  27. John Leyden (October 31, 2016). "A successor to Mirai? Newly discovered malware aims to create fresh IoT botnet". The Register. Retrieved 31 October 2016.
  28. Liam Tung (September 25, 2014). "First attacks using shellshock Bash bug discovered". ZDNet. Retrieved 25 September 2014.
  29. John Leyden (September 9, 2014). "Use home networking kit? DDoS bot is BACK... and it has EVOLVED". The Register. Retrieved 9 September 2014.
  30. Pierluigi Paganini (August 25, 2016). "Linux.PNScan Trojan is back to compromise routers and install backdoors". securityaffairs.co. Retrieved 25 August 2016.
  31. SecurityWeek News (August 24, 2016). "Linux Trojan Brute Forces Routers to Install Backdoors". www.securityweek.com. Retrieved 24 August 2016.
  32. Catalin Cimpanu (August 25, 2016). "PNScan Linux Trojan Resurfaces with New Attacks Targeting Routers in India". Softpedia. Retrieved 25 August 2016.
  33. John Leyden (March 30, 2016). "Infosec miscreants are peddling malware that will KO your router". The Register. Retrieved 30 March 2016.
  34. Steve Ragan (February 22, 2016). "Linux Mint hacked: Compromised data up for sale, ISO downloads backdoored (with Kaiten)". CSO Online. Retrieved 22 February 2016.
  35. Ionut Ilascu (April 9, 2015). "Group Uses over 300,000 Unique Passwords in SSH Log-In Brute-Force Attacks". Softpedia. Retrieved 9 April 2015.
  36. Lucian Constantin (February 6, 2015). "Sneaky Linux malware comes with sophisticated custom-built rootkit". PC World. Retrieved 6 February 2015.
  37. Liam Tung (September 30, 2015). "Linux-powered botnet generates giant denial-of-service attacks". ZDNet. Retrieved 30 September 2015.
  38. Jorg Thoma (September 4, 2014). "DDoS-Malware auf Linux-Servern entdeckt". Golem.de. Retrieved 4 September 2014.
  39. Catalin Cimpanu (January 6, 2016). "Windows and Linux Malware Linked to Chinese DDoS Tool". Softpedia. Retrieved 6 January 2016.
  40. Emerging Threat (June 25, 2014). "Proofpoint Emerging Threat Daily Ruleset Update Summary 2015/06/25". Proofpoint. Retrieved 25 June 2015.
  41. Pierluigi Paganini, Odisseus and Unixfreaxjp (February 9, 2019). "Exclusive – MalwareMustDie Team analyzed the Cayosin Botnet and its criminal ecosystem". www.securityaffairs.co. Retrieved 9 February 2019.
  42. Paul Scott (February 3, 2019). "Tragedy strikes! Cayosin Botnet combines Qbot and Mirai to cause Erradic behavior". perchsecurity.com. Retrieved 3 February 2019.
  43. Curtis Franklin Jr. (February 4, 2019). "New Botnet Shows Evolution of Tech and Criminal Culture". www.darkreading.com. Retrieved 4 February 2019.
  44. Pierluigi Paganini, Odisseus (April 2, 2019). "BREAKING: new update about DDoS'er Linux/DDoSMan ELF malware based on Elknot". www.securityaffairs.co. Retrieved 2 April 2019.
  45. Cyware (April 1, 2019). "New Linux/DDosMan threat emerged from an evolution of the older Elknot". www.cyware.com. Retrieved 1 April 2019.
  46. SOC Prime (April 1, 2019). "Chinese ELF Prepares New DDoS Attacks". www.socprime.com. Retrieved 1 April 2019.
  47. Pierluigi Paganini (September 30, 2019). "Analysis of a new IoT malware dubbed Linux/AirDropBot". Security Affairs. Retrieved 30 September 2019.
  48. Adm1n (October 10, 2019). "IoT Malware Linux/AirDropBot – What Found Out". Retrieved 10 October 2019.
  49. MalBot (October 1, 2019). "Linux AirDropBot Samles". Malware News. Retrieved 1 October 2019.
  50. Brittany Day (April 3, 2020). "Linux Malware: The Truth About This Growing Threat". Linux Security. Retrieved 3 April 2020.
  51. Pierluigi Paganini (February 26, 2020). "Fbot re-emerged, the backstage". Security Affairs. Retrieved 26 February 2020.
  52. Patrice Auffret (March 4, 2020). "Analyzing Mirai-FBot infected devices found by MalwareMustDie". ONYPHE - Your Internet SIEM. Retrieved 4 March 2020.
  53. Silviu Stahie (May 7, 2020). "New Kaiji Botnet Malware Targets IoT, But 'New' Doesn't Mean 'Undetectable'". Security Boulevard. Retrieved 7 May 2020.
  54. Carlton Peterson (May 6, 2020). "Researchers Find New Kaiji Botnet Targeting IoT, Linux Devices". Semi Conductors Industry. Retrieved 7 May 2020.
  55. Catalin Cimpanu (May 5, 2020). "New Kaiji malware targets IoT devices via SSH brute-force attacks". ZDNet. Retrieved 7 May 2020.
  56. Boris Ryutin, Juan Vazquaez (July 17, 2013). "Adobe Flash Player Regular Expression Heap Overflow CVE-2013-0634". Rapid7. Retrieved 17 July 2013.
  57. WoW on Zataz.com (February 10, 2013). "Gondad Exploit Pack Add Flash CVE-2013-0634 Support". Eric Romang Blog at zataz.com. Retrieved 10 February 2013.
  58. Adobe team (February 1, 2014). "Adobe.com Security Acknowledgments (2014)". Adobe.com. Retrieved 1 February 2014.
  59. Jeremy Kirk (November 21, 2016). "More Dodgy Firmware Found on Android Devices". www.bankinfosecurity.com. Retrieved 21 November 2015.
  60. Pierluigi Paganini (March 21, 2017). "Dirty Political Spying Attempt behind the FHAPPI Campaign". securityaffairs.co. Retrieved 21 March 2017.
  61. Mrs. Smith (January 15, 2018). "Mirai Okiru: New DDoS botnet targets ARC-based IoT devices". CSO Online. Retrieved 15 January 2018.
  62. Mohit Kumar (January 15, 2018). "New Mirai Okiru Botnet targets devices running widely-used ARC Processors". Hacker News. Retrieved 15 January 2018.
  63. John Leyden (January 16, 2018). "New Mirai botnet species 'Okiru' hunts for ARC-based kit". The Register. Retrieved 16 January 2018.
  64. Francesco Bussoletti (February 11, 2019). "Cybercrime launched a mass credential harvesting process, leveraging an IoT botnet". www.difesaesicurezza.com. Retrieved 11 February 2019.
  65. Taylor, Laura (2017). "Fight Back Against Cybercrime". SSRN Electronic Journal. doi:10.2139/ssrn.3532785. ISSN 1556-5068.