MalwareMustDie

From Wikipedia, the free encyclopedia
MalwareMustDie logo
Abbreviation: MMD
Formation: August 28, 2012 (5 years ago)
Headquarters: Japan, Germany, France, United States
Region: Global
Membership: < 100
Website: malwaremustdie.org

MalwareMustDie, NPO[1][2] is a whitehat security research workgroup launched in August 2012. MalwareMustDie is a registered nonprofit organization that serves as a medium for IT professionals and security researchers to form a workflow for reducing malware infections on the internet. The group is known for its malware analysis blog. It maintains a list[3] of the Linux malware research and botnet analyses it has completed. The team communicates information about malware in general and advocates better detection of Linux malware.[4]

MalwareMustDie is also known for its original analyses of newly emerged malware and botnets, for sharing the malware source code it finds[5] with law enforcement and the security industry, for operations to dismantle malicious infrastructure,[6][7] for technical analyses of specific malware infection methods, and for reports on newly emerged cybercrime toolkits.

Several notable internet threats first discovered and announced by the MalwareMustDie team include: Prison Locker[8] (ransomware); Mayhem[9][10] (Linux botnet); Kelihos botnet v2,[11][12] ZeusVM,[13] Darkleech botnet analysis,[14] KINS (crime toolkit); Cookie Bomb[15] (malicious PHP traffic redirection); Mirai,[16][17][18][19] LuaBot,[20][21] NyaDrop,[22][23] NewAidra or IRCTelnet,[24][25][26] Torlus (aka Gafgyt/Lizkebab/Bashdoor/Qbot/BASHLITE),[27] LightAidra,[28] PNScan,[29][30][31] STD Bot, and Kaiten[32][33] botnets (Linux DDoS or malicious proxy botnet Linux malware); and ChinaZ, Xor DDoS,[34][35][36] IpTablesx,[37] DDoSTF,[38] and DESDownloader[39] (China DDoS Trojans).

The team has also been active in analysing vulnerabilities in client-side attack vectors, for example Adobe Flash CVE-2013-0634 (the LadyBoyle SWF exploit)[40][41] and another (undisclosed) Adobe vulnerability in 2014, for which MalwareMustDie received Security Acknowledgments for Independent Security Researchers from Adobe.[42] Another vulnerability researched by the team was the reverse engineering of a proof of concept for a backdoor (CVE-2016-6564) in one brand of Android phone, which was later found to affect 2 billion devices.[43][44]

References

  1. Jorg Thoma (March 3, 2013). "Nachts nehmen wir Malware-Seiten hoch". Golem DE. Retrieved 3 March 2013.
  2. Darren Pauli (September 12, 2013). "The rise of the whitehats". IT News. Retrieved 12 September 2013.
  3. unixfreaxjp (November 22, 2016). "Linux Malware Research List Updated". MalwareMustDie. Retrieved 22 November 2016.
  4. Emiliano Martinez (November 11, 2014). "virustotal += Detailed ELF information". Virus Total. Retrieved 11 November 2014.
  5. Ram Kumar (June 4, 2013). "Ransomware, IRC Worm, Zeus, Botnets source codes shared in Germany Torrent". E Hacking News. Retrieved 4 June 2013.
  6. Catalin Cimpanu (June 24, 2016). "Ukrainian Group May Be Behind New DELoader Malware". Softpedia. Retrieved 24 June 2016.
  7. UnderNews Actu (July 27, 2013). "Malware Must Die : Operation Tango Down - sur des sites russes malveillants". Undernews FR. Retrieved 27 July 2013.
  8. Dan Goodin (January 7, 2014). "Researchers warn of new, meaner ransomware with unbreakable crypto". Ars Technica. Retrieved 7 January 2014.
  9. Ionut Ilascu (October 10, 2014). "Mayhem Botnet Relies on Shellshock Exploit to Expand". Softpedia. Retrieved 10 October 2014.
  10. Michael Mimoso (October 9, 2014). "Shellshock Exploits Spreading Mayhem Botnet Malware". Threat Post. Retrieved 9 October 2014.
  11. Michael Mimoso (August 28, 2013). "Kelihos Relying on CBL Blacklists to Evaluate New Bots". Threat Post. Retrieved 28 August 2013.
  12. Eduard Kovacs (November 13, 2013). "Second Version of Hlux/Kelihos Botnet". Softpedia. Retrieved 13 November 2013.
  13. Ionut Ilascu (July 6, 2015). "Infections with ZeusVM Banking Malware Expected to Spike As Building Kit Is Leaked". Softpedia. Retrieved 6 July 2015.
  14. Info Security Magazine (April 5, 2013). "Darkleech infects 20,000 websites in just a few weeks". Info Security Group. Retrieved 5 April 2013.
  15. Brian Prince (August 19, 2013). "CookieBomb Attacks Compromise Legitimate Sites". Security Week. Retrieved 19 August 2013.
  16. njccic (December 28, 2016). "Mirai Botnet". The New Jersey Cybersecurity and Communications Integration Cell (NJCCIC). Retrieved 28 December 2016.
  17. Odisseus (September 5, 2016). "Linux/Mirai ELF, when malware is recycled could be still dangerous". Security Affairs. Retrieved 5 September 2016.
  18. Allan Tan (December 12, 2014). "Bots-powered DDOS looms large over Asia's banks". FINTECH. Retrieved 12 December 2014.
  19. Johannes B. Ullrich, Ph.D. (October 3, 2016). "The Short Life of a Vulnerable DVR Connected to the Internet". SANS ISC / isc.sans.edu. Retrieved 3 October 2016.
  20. Catalin Cimpanu (September 5, 2016). "LuaBot Is the First DDoS Malware Coded in Lua Targeting Linux Platforms". Softpedia. Retrieved 5 September 2016.
  21. Catalin Cimpanu (September 17, 2016). "LuaBot Author Says His Malware Is "Not Harmful"". Softpedia. Retrieved 17 September 2016.
  22. David Bisson (October 17, 2016). "NyaDrop exploiting Internet of Things insecurity to infect Linux devices with malware". Graham Cluley. Retrieved 17 October 2016.
  23. Catalin Cimpanu (October 14, 2016). "A New Linux Trojan Called NyaDrop Threatens the IoT Landscape". Softpedia. Retrieved 14 October 2016.
  24. Charlie Osborne (November 1, 2016). "Hackers release new malware into the wild for Mirai botnet successor". ZDNET. Retrieved 1 November 2016.
  25. Ken Briodagh (November 1, 2016). "Security Blogger Identifies Next IoT Vulnerability, This Time on Linux OS". IoT Evolution World. Retrieved 1 November 2016.
  26. John Leyden (October 31, 2016). "A successor to Mirai? Newly discovered malware aims to create fresh IoT botnet". The Register. Retrieved 31 October 2016.
  27. Liam Tung (September 25, 2014). "First attacks using shellshock Bash bug discovered". ZDNet. Retrieved 25 September 2014.
  28. John Leyden (September 9, 2014). "Use home networking kit? DDoS bot is BACK... and it has EVOLVED". The Register. Retrieved 9 September 2014.
  29. Pierluigi Paganini (August 25, 2016). "Linux.PNScan Trojan is back to compromise routers and install backdoors". Security Affairs. Retrieved 25 August 2016.
  30. SecurityWeek News (August 24, 2016). "Linux Trojan Brute Forces Routers to Install Backdoors". Security Week. Retrieved 24 August 2016.
  31. Catalin Cimpanu (August 25, 2016). "PNScan Linux Trojan Resurfaces with New Attacks Targeting Routers in India". Softpedia. Retrieved 25 August 2016.
  32. John Leyden (March 30, 2016). "Infosec miscreants are peddling malware that will KO your router". The Register. Retrieved 30 March 2016.
  33. Steve Ragan (February 22, 2016). "Linux Mint hacked: Compromised data up for sale, ISO downloads backdoored (with Kaiten)". CSO Online. Retrieved 22 February 2016.
  34. Ionut Ilascu (April 9, 2015). "Group Uses over 300,000 Unique Passwords in SSH Log-In Brute-Force Attacks". Softpedia. Retrieved 9 April 2015.
  35. Lucian Constantin (February 6, 2015). "Sneaky Linux malware comes with sophisticated custom-built rootkit". PC World. Retrieved 6 February 2015.
  36. Liam Tung (September 30, 2015). "Linux-powered botnet generates giant denial-of-service attacks". ZDNet. Retrieved 30 September 2015.
  37. Jorg Thoma (September 4, 2014). "DDoS-Malware auf Linux-Servern entdeckt". Golem DE. Retrieved 4 September 2014.
  38. Catalin Cimpanu (January 6, 2016). "Windows and Linux Malware Linked to Chinese DDoS Tool". Softpedia. Retrieved 6 January 2016.
  39. Emerging Threat (June 25, 2014). "Proofpoint Emerging Threat Daily Ruleset Update Summary 2015/06/25". Proofpoint. Retrieved 25 June 2015.
  40. Boris Ryutin, Juan Vazquez (July 17, 2013). "Adobe Flash Player Regular Expression Heap Overflow CVE-2013-0634". Rapid7. Retrieved 17 July 2013.
  41. WoW on Zataz.com (February 10, 2013). "Gondad Exploit Pack Add Flash CVE-2013-0634 Support". Eric Romang Blog. Retrieved 10 February 2013.
  42. Adobe team (February 1, 2014). "Adobe.com Security Acknowledgments (2014)". Adobe.com. Retrieved 1 February 2014.
  43. Jeremy Kirk (November 21, 2016). "More Dodgy Firmware Found on Android Devices". Bank Info Security. Retrieved 21 November 2015.
  44. unixfreaxjp (January 20, 2016). "China "OEM" Android ELF pre-installed #backdoor". Pastebin.com. Retrieved 20 January 2016.