© MalwareMustDie,NPO 2017. All rights reserved.
Built by Jekyll, based on Poole and BlackDoc on FreeBSD, posts are in Markdown and Rouge highlighter with templates coded in Liquid.

2017 2016 2015 2014 2013 2012

Posts archive: 2014

2014 Nov

Nov 08 - China ELF botnet malware infection & distribution scheme unleashed

2014 Oct

Oct 07 - MMD-0029-2014 - Warning of Mayhem shellshock attack

2014 Sep

Sep 29 - MMD-0028-2014 - Linux/XOR.DDoS : Fuzzy reversing a new China ELF
Sep 26 - MMD-0027-2014 - Linux/Bashdoor & small backdoor - at 0day (shellshock): The fun has only just begun.. (Part 1)
Sep 15 - Tango down report of OP China ELF DDoS'er
Sep 13 - MMD-0026-2014 - Linux/AES.DDoS: Router Malware Warning | Reversing an ARM arch ELF

2014 Aug

Aug 24 - Another country-sponsored #malware: Vietnam APT Campaign
Aug 11 - A protest! What's bad stays bad. Legalized any badness then you'll ruin the faith..

2014 Jun

Jun 16 - MMD-0025-2014 - ITW Infection of ELF .IptabLex & .IptabLes China #DDoS bots malware
Jun 11 - MMD-0024-2014 - Recent Incident Report of Linux/Mayhem (LD_PRELOAD) libworker.so "Mayhem" Linux malware botnet attack in Joomla! VPS
Jun 09 - DDoS'er as Service - a camouflage of legit stresser/booter/etc
Jun 02 - A journey to abused FTP sites (story of: Shells, Malware, Bots, DDoS & Spam) - Part 2

2014 May

May 31 - A journey to abused FTP sites (story of: Shells, Malware, Bots, DDoS & Spam) - Part 1
May 28 - Sample sharing for #MalwareMustDie recent ELF analysis
May 25 - Disclaimer, guide line in sharing of research material and malicious source code
May 23 - MMD-0023-2014 - Linux/pscan & Linux/sshscan: SSH bruter malware: A payback with attacker's email disclosure.
May 22 - Video tutorial to extract, kill, debug & traffic capture ELF .so shared library malware that's using LD_PRELOAD
May 18 - MMD-0022-2014 - Zendran, Multi-Arc ELF DDoS (lightaidra ircd base) - Part 1: background, installation, reversing & CnC access
May 13 - MMD-0021-2014 - Linux/Elknot: China's ELF DDoS+backdoor
May 08 - MMD-0020-2014 - Analysis of Linux/Mayhem infection: A shared DYN libs malicious ELF: libworker.so

2014 Apr

Apr 09 - MMD-0019-2014 - When a hacker got hacked - xakep.biz evil tools
Apr 03 - MMD-0018-2014 - Analysis note: "Upatre" is back to SSL?

2014 Mar

Mar 24 - Discontinuation of Malware Crusader Forum
Mar 23 - MMD-0017-2014 - A post to sting Zeus P2P/Gameover crooks :))

2014 Feb

Feb 25 - Tango Down: The takedown of 209,306 .IN.NET Nuclear Pack DGA domains
Feb 24 - How public services like Amazon AWS, DropBox, Google Project/Code & Google ShortURL got abused to infect malware
Feb 18 - Long Talk "AV Tokyo 2013.5" - #Kelihos #CookieBomb #RedKit : Bad Actor's Arrest Request Filed Officially
Feb 13 - Tango Down of Nuclear Pack's 174 Multiple Registered .PW Domains
Feb 13 - MMD-0016-2014 - The JackPOS Behind the Screen
Feb 05 - MMD-0015-2014 - One upon the time with American Express Phishing Session..

2014 Jan

Jan 30 - ..And another "detonating" method of CookieBomb 2.0 - Part 2
Jan 23 - ..And another "detonating" method of CookieBomb 2.0 - Part 1
Jan 03 - MMD-0014-2014 - New Locker: Prison Locker (aka: Power Locker ..or whatever those bad actor call it)
Jan 02 - MMD-0013-2014 - "Shadow Logger" - .NET's FUD Keylogger