MalwareMustDie

MalwareMustDie, NPO is a whitehat security research workgroup that was launched in August 2012. MalwareMustDie is a registered nonprofit organization as a medium for IT professionals and security researchers gathered to form a work flow to reduce malware infection in the internet. The group is known for their malware analysis blog. They have a list of Linux malware research and botnet analysis that they have completed. The team communicates information about malware in general and advocates for better detection for Linux malware.

MalwareMustDie is also known for their efforts in original analysis for a new emerged malware or botnet, sharing of their found malware source code to the law enforcement and security industry, operations to dismantle several malicious infrastructure, technical analysis on specific malware's infection methods and reports  for the cyber crime emerged toolkits.

Several notable internet threats that were first discovered and announced by MalwareMustDie are:


 * Prison Locker (ransomware)
 * Mayhem (Linux botnet)
 * Kelihos botnet v2
 * ZeusVM
 * Darkleech botnet analysis
 * KINS (Crime Toolkit)
 * Cookie Bomb (malicious PHP traffic redirection)
 * Mirai
 * LuaBot
 * NyaDrop
 * NewAidra or IRCTelnet
 * Torlus aka Gafgyt/Lizkebab/Bashdoor/Qbot/BASHLITE)
 * LightAidra
 * PNScan
 * STD Bot
 * Kaiten botnets (Linux DDoS or malicious proxy botnet Linux malware)
 * ChinaZ (China DDoS Trojan)
 * Xor DDoS  (China DDoS Trojan)
 * IpTablesx (China DDoS Trojan)
 * DDoSTF (China DDoS Trojan)
 * DESDownloader (China DDoS Trojan)
 * Cayosin DDoS botnet
 * DDoSMan  (China DDoS Trojan)
 * AirDropBot DDoS botnet
 * Mirai FBot DDoS botnet
 * Kaiji IoT DDoS/bruter botnet

MalwareMustDie has also been active in analysis for client vector threat's vulnerability. For example, Adobe Flash (LadyBoyle SWF exploit)  and other undisclosed Adobe vulnerabilities in 2014 have received Security Acknowledgments for Independent Security Researchers from Adobe. Another vulnerability researched by the team was reverse engineering a proof of concept for a backdoor case of one brand of Android phone device that was later found to affect 2 billion devices.

Recent activity of the team still can be seen in several noted threat disclosures, for example, the "FHAPPI" state-sponsored malware attack, the finding of first ARC processor malware,  and "Strudel" threat analysis (credential stealing scheme). The team continues to post new Linux malware research on Twitter and their subreddit.

MalwareMustDie compares their mission to the Crusades, emphasizing the importance of fighting online threats out of a sense of moral duty. Many people have joined the group because they want to help the community by contributing to this effort.