A protest! What's bad stays bad. Legalize any badness and you'll ruin the faith..

I think all American friends know exactly how InfoSec people will react to this "search warrant" (see the tweet linked below). Like it or not, I am part of the non-"AmericaIn" InfoSec faction and I feel VERY upset about this privacy-violation anarchism.

Don't preach to us anymore about the story of "freedom of speech", liberalism, human rights and privacy BULLSHIT. As non-"AmericaIn" we see that your government doesn't even care about thousands of multinational people's privacy just to nail some crooks; people's rights are getting ripped from them as "disposable casualties / items" by this warrant, AND THAT IS WRONG! And this is the malicious verdict-->[HERE] with the payload here-->[HERE]

This strategy (linked-->HERE) is not only against privacy, which has been recognized as significantly violated since the disclosure of "the Snowden issues", but the worst part of the problem has ESCALATED now..
This search warrant was LEGALIZED and will motivate bad people to use malware methods more! (hidden frame, drive-by download, installing payloads, callbacks to the CNC.. do these MOs ring any bell??) This is a VERY principled matter to us.

How are we as MMD supposed to suppress malware growth now IF a court order (linked-->HERE) from the country that created the internet has PUBLICLY (I say publicly since that warrant is searchable and viewable w/o secrecy) legalized the usage of malware??

There are still more options to dig up & use, and there are also tons of good folks who are willing to help the FBI nail crooks connected via Tor, yet WHY has the nastiest counteroffensive been chosen?? The Feds can come to us for examples and we can show them interesting ways to track the bad Tor users WITHOUT USING MALWARE!

This is going to be written in the history of malware, like, "In 2014 (correction: 2012) the US Court publicly issued a search warrant to allow the FBI to use the "malware method" on ..etc etc etc.." < How does that sound? (Thanks to the "friend" with the initials AP who contacted me and corrected the date!)

I am off the field then; pick some other player to play this nasty game, this is just WAY OUT OF LINE for me now. Ah, yes, BTW, you can expect me to STOP sharing malcodes and samples with US entities (.GOV, .MIL or .EDU) as I am AFRAID that evil technology will be misused for a similar purpose ....or worse!

I still can't believe my eyes after reading and checking the facts. I KEPT MY FAITH in you guys; that FAITH was all that supported our research and sharing, our heartbeats...and you RUINED that faith now. What is BAD is just BAD..no matter what excuse is given to use it, WTF!

Unless something is done accordingly from the US side to put the perception back in the right place, this will be my last post on our beloved internet as malwaremustdie.

Oh yes, I am damn serious about everything I wrote!

Supporting articles:
http://www.wired.com/2014/08/operation_torpedo/
http://reason.com/blog/2014/08/06/fbi-tracking-tor-users
http://www.wowt.com/home/headlines/Fed-Tactics-on-Trial-in-Porn-Case-255716621.html
Twitter thread twitter.com/csoghoian/status/496700679084597249
https://www.facebook.com/malwaremustdie

Feedbacks:

So that's your excuse to legitimize the wrong perception that your country's court legalized? The Russian or Chinese government NEVER issued a warrant to legalize any malware. And you are saying something like: "if a scum can do scum acts.. meaning good folks can act as scum does too?" No way, friend. I was called a "vigilante" for things that I didn't even do, so what would THIS mass infection of malware & public privacy exploitation be called then??


Ahahaha! Everyone knows I am NO QUITTER. You don't know me THAT well! This is a matter of what's RIGHT and what's WRONG. The worst part is, maybe the samples and malcodes we snagged and shared with US government agencies were being used too to make that "legitimated" malware. America is a country built from good conscience, at least that is what I truly believed; I guess I was very wrong.. My faith in what the US can do to tell RIGHT from WRONG in IT security and internet security is badly broken now.


Yep. Damn right I will.


And that isn't doing any greater good for us. BTW.. Want us to keep on VOLUNTEERING and working hard?? Well.. we have some conditions, like:
KEEP THE F** FAITH THEN!! We can still make a good fight without infecting innocent people and acting like crooks! So STOP USING MALWARE!! REVOKE THAT IDIOTIC SEARCH WARRANT!!
What's the matter with you guys!! Wake up America!! Geez!


Nope! It is a PROTEST, not drama.
They're using drive-by download "malware" to mass-infect the PCs of a site's visitors now, Sir. I drew a clear red line on that matter, and they just crossed it.
We're doing MMD to raise the world's awareness so people can be protected from malware, to fight it together, and behind our backs a government was issuing a warrant for "an indecent malware OP" to be executed, so now we have to oppose a government's mass malware too; it is just way out of line now.. Now I know WHY some people JUST DON'T WANT malware to be ended.
Ask anyone else to do the "charity analysis work" for the threats that MOSTLY attack THAT country, and ask anyone else to feed THAT COUNTRY with malware codes then! I am out!


..as for whether the US "can" revoke that warrant and do what good guys are supposed to do without using malicious drive-by downloads "framed" into publicly accessible suspicious sites (I consider TOR and THAT .onion SITE publicly visitable sites) and blindly mass-infecting innocent users: they can make their decision, and I can make mine too.

If ONE country starts to play "anarchy" on the internet and thinks that it owns the internet and can do whatever it wants, like infecting people with malware, then let THAT COUNTRY clean up all of the malware shit themselves, WITHOUT US! It's their internet after all, isn't it?


I had no plan on quitting; in fact there are at least 3 events I planned to attend as a speaker. Why should I make THIS or the "Snowden buff" an excuse for quitting? FYI, if I wanted, my sickness would be a perfect reason to quit, yet I never used it at all, and I bet you haven't heard of that either, have you?

I don't care about Snowden and the mass espionage he disclosed. But I care about THIS CASE since it is about legitimizing a malware that actually mass-infected a public network..just to aim at some crooks.
Ask yourself now: What would people say if ..say...MMD hacked the GMail server just to aim at several malware moronz that are currently using GMail?

Look, we are good guys, and good guys are supposed to work in good ways. Look at us (MalwareMustDie/MMD): MMD works under the law, and that LAW was supposed to be built from a conscience of RIGHT and WRONG. The technique used in "THAT malware" is definitely against the moral and privacy aspects we all have; there is no way you can control who visits a publicly accessible site, and there's no doubt that innocent victims were harmed (read: infected) and their privacy was violated too. Want to argue more about this? Should I disclose some codes then??

There are SO MANY ways to trace the bad Tor users without using malware, and I believe Tor Project folks will always cooperate with law enforcement. Why should the LAW enforcer use a technique that is commonly used to break the LAW itself? Since when did we start to allow a Government to use malware?? Who says THAT IS OK?? Does the US Congress know about this matter and approve it??? Because I am telling you all, this method won't bring ANY good merit to the USA.

KEEP THE FAITH!! There are good people who sacrifice their after-work hours doing something good and having this FAITH; why can't a government have the same faith??


I can answer this question practically, principally and morally speaking:

PRACTICALLY: How can we know that? It was mentioned that THAT COUNTRY's LE was nailing the IDs of some crooks with the information gathered during the infection by this method, meaning: the infection was applied, the information was gathered, and the malware code was implemented as a hidden frame in a public site which could possibly be visited by innocent INTERNATIONAL users too (via redirection etc), so, logically, all infected innocent people's privacy info is also in the hands of the FBI. Do we have some kind of NDA about this with the FBI somehow? Hell NO! This is strictly a privacy violation made by a one-sided country's law against INTERNATIONAL people!

PRINCIPALLY: (1) Infecting a site with malcodes, (2) drive-by download, (3) mass-infecting the visitors of some sites, (4) gathering sensitive information, and (5) sending it back to the CNC, are the definition of the malicious infection method that we all fight EVERYDAY. If the law legalized this EVIL method for whatever reason they presented with that "Search Warrant", this means bad methods are becoming legit for LE to use to nail a crook. FYI, I consulted with my lawyer and it was confirmed that the warrant CAN BE USED for "using the same method" in many other cases too. So now, we will have bad people using malware, and good people using malware, the thing that we would love to end.

MORALLY: Do good people, in order to nail a JERK, have to be a JERK too by adopting the JERK's way of conducting stuff? The malware method is NEVER designed to support ANY goodness; all of malware's basic concepts are made and meant to steal, spy, overpower, and destroy.. I don't buy that "Using malware we can make a better world!!" buff! As good guys we should conduct our acts WITH FAITH. NOTED: Using MALWARE is not the only option left for tracing Tor users. Many good researchers know and do that on a daily basis in a proper ethical hacking way, so why should LE use MALWARE?? This is just a matter of Power Play for me. A lousy Show Off! The USA can start losing MORE friends over this, starting from ME.


We are against the usage of malware by anyone, at whatever target, for whatever purpose! Every malware is naturally designed to infect, steal, spy, manipulate, attack or destroy; that is why it is called MAL-WARE = MALICIOUS SOFTWARE. Nothing good can come from using malware; it may harm innocent people by compromising their private information, destroying their data, or worse than that.. There is no excuse to legitimize the usage of malware with blah blah reasons, and IT IS WRONG to invade multinational people's privacy by infecting thousands of innocent users' PCs with malware just to get the IDs of 12 crooks!! I still wonder why the US Congress was allowing this miserable incompetent method to fight crime!! We don't have to be a JERK to catch a JERK!!
Read our blog: is there any MMD post that contains an illegal method?? NO! We can nail many BAD things by the Ethical Hacking method, so why can't you??


You're damn right! We'll start to peel this crap first, then MAYBE we can call it even. Enough talking, let's start walking. I promise that MMD will always be every malware user's worst nightmare!


Sir. We do VALUE every effort we make, that's why we are protesting this. How can we SUPPRESS the usage of malware IF the country that developed the internet is allowing the usage of it by a mere "regular search warrant from a district court"? Don't they think multinational rights exist, or what?? We are using Tor on purpose for PRIVACY and the FBI thinks they can ruin it ANYTIME by getting a regular search warrant..

We don't do our research for mere CHARITY. Let's simplify: what's WRONG just stays WRONG, there is no justification for it. No one can predict exactly what malware will do when it runs; malware is MAL-icious by its nature and name, and using it on multinational sites for ANY purpose is just an irresponsible OR disrespectful act toward others. Who the FUCK was allowing the FBI to get NON-AMERICAN IP INFO in Tor? I don't recall signing any NDA to let them do that either, not even in the Tor Project SLA!


A bad misinterpretation of our protest:


Putting things right!

As you can see in the analysis above, the malicious hidden IFRAME redirector driven by JavaScript, which is implemented in some pages under the Freedom Hosting site, redirects users matching the criteria Windows OS and Firefox browser to the specific .onion domain to exploit the 0day CVE-2013-1690 and execute shellcode as the payload. The shellcode sends ARP to the remote host followed by an HTTP/1.1 GET to a host in the USA that has no specific registered organization listed (ghost block IP), with the trace below:

65.222.202.54
ASN: 701 / UUNET
Prefix: 65.192.0.0/11
Vienna, Virginia, United States, North America
38.9012,-77.2653 Verizon Business

It's beyond any doubt now that sensitive information (READ: PRIVACY): (1) the infected PC's hostname, (2) its MAC address (attached in the ARP packet) and (3) its IP address is sent to this remote host. Not to mention (4) the cookie installed on the infected PC, which can be used for tracking purposes.
Below is a snapshot of the traffic capture as evidence.
PCAP picture in big image-->[HERE]
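A defender-side check for the redirector pattern described above, added here as an example that is not MMD's code and not taken from the Freedom Hosting pages: it scans a saved HTML page for a hidden or zero-size IFRAME, for a script that gates on navigator.userAgent containing Windows and Firefox, and for a .onion URL assigned to location or to an element's src. The sample page, its element id and the .onion hostname in it are constructed placeholders.

```python
# Added example (not MMD's code): flag the hidden-IFRAME / UA-sniffing redirector
# pattern described above. SAMPLE is constructed; its .onion host and id are placeholders.
import re
from html.parser import HTMLParser

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
# A .onion URL assigned to location / location.href or to some element's .src
ONION_REDIRECT = re.compile(
    r"(?:location(?:\.href)?|\.src)\s*=\s*['\"]([^'\"]*\.onion[^'\"]*)['\"]", re.I)
UA_KEYS = ("Windows", "Firefox")  # the criteria the described redirector matched on

class RedirectorScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []   # (indicator, detail) tuples
        self._script = None  # text chunks collected while inside <script>

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "iframe":  # zero/one-pixel or CSS-hidden frame
            tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
            if tiny or HIDDEN_STYLE.search(a.get("style") or ""):
                self.findings.append(("hidden_iframe", a.get("src") or ""))
        elif tag == "script":
            self._script = []

    def handle_data(self, data):
        if self._script is not None:
            self._script.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._script is not None:
            js, self._script = "".join(self._script), None
            hit = [k for k in UA_KEYS if "navigator.userAgent" in js and k in js]
            if hit:  # browser/OS fingerprinting gate before the redirect
                self.findings.append(("ua_sniff", ",".join(hit)))
            for m in ONION_REDIRECT.finditer(js):
                self.findings.append(("onion_redirect", m.group(1)))

def scan_html(html):
    """Return every indicator found; an empty list means the page looks clean."""
    p = RedirectorScanner()
    p.feed(html)
    p.close()
    return p.findings

SAMPLE = """<html><body><iframe id="f" src="about:blank" width="0" height="0"></iframe>
<script>var ua = navigator.userAgent;
if (ua.indexOf("Windows") != -1 && ua.indexOf("Firefox") != -1)
  document.getElementById("f").src = "http://placeholderonion.onion/go";
</script></body></html>"""
```

Run `scan_html(SAMPLE)` to see the three indicators fire together; on a page that shows only one of them, treat the result as a lead to review rather than a verdict.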

A check mate!

Malware MUST Die! /* Including the legalized one! */