MalwareMustDie
MalwareMustDie, NPO is a white hat hacking research workgroup that was launched in August 2012. MalwareMustDie is a registered nonprofit organization that serves as a medium for IT professionals and security researchers to gather and form a workflow to reduce malware infection on the internet. The group is known for its malware analysis blog. It maintains a list of the Linux malware research and botnet analysis it has completed. The team communicates information about malware in general and advocates for better detection of Linux malware.
MalwareMustDie is also known for its original analysis of newly emerged malware and botnets, for sharing malware source code it has found with law enforcement and the security industry, for operations to dismantle several malicious infrastructures, for technical analysis of specific malware's infection methods, and for reports on emerged cyber crime toolkits.
Several notable internet threats that were first discovered and announced by MalwareMustDie are:
- Prison Locker
- Mayhem
- Kelihos botnet v2
- ZeusVM
- Darkleech botnet analysis
- KINS
- Cookie Bomb
- Mirai
- LuaBot
- NyaDrop
- NewAidra or IRCTelnet
- Torlus (aka Gafgyt/Lizkebab/Bashdoor/Qbot/BASHLITE)
- LightAidra
- PNScan
- STD Bot
- Kaiten botnets
- ChinaZ
- Xor DDoS
- IpTablesx
- DDoSTF
- DESDownloader
- Cayosin DDoS botnet
- DDoSMan
- AirDropBot DDoS botnet
- Mirai FBot DDoS botnet
- Kaiji IoT DDoS/bruter botnet
The team's recent activity can still be seen in several noted threat disclosures, for example the "FHAPPI" state-sponsored malware attack, the finding of the first ARC processor malware, and the "Strudel" threat analysis. The team continues to post new Linux malware research on Twitter and their subreddit.
MalwareMustDie compares their mission to the Crusades, emphasizing the importance of fighting online threats out of a sense of moral duty. Many people have joined the group because they want to help the community by contributing to this effort.