MalwareMustDie
Whitehat security research workgroup
From Wikipedia, the free encyclopedia
MalwareMustDie (MMD), NPO[1][2] is a white hat hacking research workgroup that was launched in August 2012 by KLJTech owner and former Kaspersky Labs Japan CEO Hendrik Adrian.[3] MalwareMustDie is a registered nonprofit organization as a medium for IT professionals and security researchers gathered to form a work flow to reduce malware infection in the internet. The group is known for their malware analysis blog.[4] The team communicates information about malware in general and advocates for better detection for Linux malware.[5]
MalwareMustDie logo | |
| Abbreviation | MMD |
|---|---|
| Formation | August 28, 2012 |
| Founder | Hendrik Adrian |
| Type | |
| Purpose | Security research and awareness |
| Headquarters | Japan, Germany, France, United States |
Region | Global |
| Membership | < 100 |
| Website | www |
MalwareMustDie is also known for their efforts in original analysis for newly emerged malware and botnets, sharing of malware source code they have identified[6] to the law enforcement and security industry, operations to dismantle several malicious infrastructure,[7][8] technical analysis on specific malware's infection methods.
Several notable internet threats that were first discovered and announced by MalwareMustDie are:
- Prison Locker[9] (ransomware)
- Mayhem[10][11] (Linux botnet)
- Kelihos botnet v2[12][13]
- ZeusVM[14]
- Darkleech botnet analysis[15]
- KINS (Crime Toolkit)
- Cookie Bomb[16] (malicious PHP traffic redirection)
- Mirai[17][18][19][20]
- LuaBot[21][22]
- NyaDrop[23][24]
- NewAidra or IRCTelnet[25][26][27]
- Torlus aka (Gafgyt/Lizkebab/Bashdoor/Qbot/BASHLITE)[28]
- LightAidra [29]
- PNScan[30][31][32]
- STD Bot
- Kaiten[33][34] botnets (Linux DDoS or malicious proxy botnet Linux malware)
- ChinaZ (China DDoS Trojan)
- Xor DDoS[35][36][37] (China DDoS Trojan)
- IpTablesx[38] (China DDoS Trojan)
- DDoSTF[39] (China DDoS Trojan)
- DESDownloader[40] (China DDoS Trojan)
- Cayosin DDoS botnet[41][42][43]
- DDoSMan[44][45][46] (China DDoS Trojan)
- AirDropBot DDoS botnet[47][48][49]
- Mirai FBot DDoS botnet[50][51][52]
- Kaiji IoT DDoS/bruter botnet[53][54][55]
MalwareMustDie has also been active in analysis for client vector threat's vulnerability. For example, Adobe Flash CVE-2013-0634 (LadyBoyle SWF exploit)[56][57] and other undisclosed Adobe vulnerabilities in 2014 have received Security Acknowledgments for Independent Security Researchers from Adobe.[58] Another vulnerability researched by the team was reverse engineering a proof of concept for a backdoor case (CVE-2016-6564) of one brand of Android phone device that was later found to affect 2 billion devices.[59]
Recent activity of the team still can be seen in several noted threat disclosures, for example, the "FHAPPI" state-sponsored malware attack,[60] the finding of first ARC processor malware,[61][62][63] and "Strudel" threat analysis (credential stealing scheme).[64] The team continues to post new Linux malware research on Twitter and their subreddit.