About

Welcome to MalwareMustDie's malware research blog!

MalwareMustDie is a white-hat security research workgroup launched in August 2012. It is a registered NPO that serves as a medium for security professionals and researchers who have gathered to form a workflow to reduce malware infection on the internet. We work to raise malware awareness by sharing active malware infection threat information and trends with internet users, by helping security vendors and public automated malware-related scanning/decoding tools with in-depth decode analysis of recent malware infection frameworks, and by working with legal authorities to take down malware domains.

We aim to establish good relationships vertically with authorities, and horizontally with fellow researchers and security entities, so that cooperation can be enlisted in dismantling domains that host malware and its infectors on the internet, along with assisting law enforcement with our knowledge of malware analysis.

Our published malware dissection reports can be viewed in our media, i.e. this blog, in posts that share research materials for educational purposes in malware analysis. To increase the malware detection ratio, we upload our malware samples to VirusTotal after the necessary handling has been done. We also share the methods we use for research in a Google Project (containing tools, code and tips), and our drafts and guides on Pastebin.
You can reach many more of the media we use from the sidebar menu or from our web site.

The background of our group can be read here. We may use the term "crusade", which is adapted from medieval terminology, for the condition in which a member is online, contributing his "private" time to analyzing the threat of a malware infection scheme. We also use several knights as avatars for our identities. That does not mean we are in any relation with any kind of religious "club"; they are symbols, just as Linux uses a penguin as its logo or FreeBSD uses the D"a"emon character.

All research materials collected are investigated and checked for their credibility as cybercrime before being posted as analysis research, passed as a report to the authorities, or published in the publication media mentioned above. We encourage people on the internet to interact with security experts on malware analysis and infection handling; for that purpose we provide Q & A via Twitter. All of the research information that we share is bound to our legal disclaimer.


Reports, news and mentions during establishment period

We collected the news about us from our earliest establishment period; it can be viewed in the list below.
Many thanks to the fellow researchers, news media and friends for kindly mentioning our work.

News: Die Malware Crusaders kampfen gegen Schadsoftware. Hacker gegen Malware "Nachts nehmen wir Malware-Seiten hoch"
News (mentioned): The rise of the white hats
News: Second Version of Hlux/Kelihos Botnet Getting Smaller, MalwareMustDie disagrees with the figures..
News: Malware Must Die : Operation « Tango Down » sur des sites russes malveillants
News (mentioned): Kelihos Relying on CBL Blacklists to Evaluate New Bots
News: CookieBomb Attacks Compromise Legitimate Sites
News (mentioned/quoted): Exclusive: Ongoing malware attack targeting Apache hijacks 20,000 sites
Report: Deactivation of severe .RU malware infector domains (collaboration w/CERT-GIB friends)
Report: The shutdown of Malware Domains served by Malicious DNS
Report: Guide to decode Blackhole infected sites released
Mentioned: Octopi Managed Services: "About Malware Must Die"
Mentioned: Cisco Blog: New Fake UPS Malware Email Campaign
Mentioned: Eromang - Boeing-job.com Campaign and Adobe Flash 0days
Mentioned: Sam Bowne's CNIT 126: Practical Malware Analysis
Mentioned in Talos/VRT/Snort: The 0-day That Wasn't: Dissecting A Highly Obfuscated PDF Attack
Mentioned: Kahu Security - Clever Redirect to Impact EK
Mentioned: Contagio - Blackhole 2 exploit kit (partial pack) and ZeroAccess
Mentioned: E-Hacking News: Spam Tweets : "My aunt joined and is making 2k .."
Mentioned: 0x109 - Evading AV signatures, BHEK2 way
Mentioned: A Guide of confirming a hacked legit service by Blackhole Exploit Kit
Reference: Botnets.fr - Getting more personal and deeper into Cridex with parfeit credential stealer
Mentioned: Cyren - Analysis Drive-by-Malware - Eine Analyse (Eleven-securityblog.de)
Mentioned: DNS-BH Sinkhole - Big Update: 211 Serenity Exploit Kit, Malspam, Malicious Domains

Plenty more of the MalwareMustDie workgroup's works were mentioned in internet media and security research reports afterward.
Please search for the "MalwareMustDie" keyword in your favorite search engine for the "recent" news results.