Over the past few months, a number of anti-malware groups, in particular @iamTheCavalry and @TheAnalogies, have received some notable media attention. A third group of volunteers, @MalwareMustDie, is also fighting the good fight for our common online safety.
The group’s Facebook page says a lot about its mission and goals: https://www.facebook.com/permalink.php?story_fbid=681898398557696&id=100002126260223
Q: Why did you start MMD?
A: We have known about malware for 20 years now, and still we have to live with it. We can’t do anything about this. Malicious codes are unavoidable. Even so, some use malware as a tool for cyber-crime, and the worst thing is, some very bad people really make a fortune off of it. This goes too far. I can’t just ignore those problems. So in the beginning, our team assembled under a common philosophy: to try and help suppress some users’ nefarious activities online and to motivate security awareness, especially with regards to malware.
Q: How long has MMD been around?
A: The end of August 2012 was our starting point.
Q: What have the results/achievements been so far?
A: We can be proud of the following: first, we have forced various companies to add more details to their analyses in their threat reports; and second, we have proactively targeted different cyber-crime initiatives, which has resulted in many vulnerability and hacking disclosures. Now people are starting to understand the importance of learning about malware in order to protect themselves.
Q: How satisfied are you with the results so far?
A: Not bad. We’re still up there and exist. That is the best achievement, after all. There are still a lot of things to build and fight for, and we’ll eventually get there.
Q: How many persons are assisting the MMD community?
A: Wow, quite a few… I would say 200+ now.
Q: How many new people sign up to help?
A: Every week we are evaluating members and supporters involved in our movement. In fact, we recently set up some filtering measures because we receive so many inquiries of interest.
Q: Do you need more volunteers?
A: Not precisely, no. We need the spirit of what we believe to be something that can be transferred to all online users. It is not a matter of quantity; it is a spirit and an idea. And this idea can’t be stopped or killed once it begins rolling.
Q: How do you recruit more?
A: We are never “aggressive” in recruitment; people around us just communicate on a daily basis and share with each other. There will be a point where we will become more integrated, at which point we will shift our focus.
Q: What is your experience and background?
A: I worked in the AV industry for years, and then I quit and dedicated myself to developing UNIX filtration software. I used to do assembly, and then I’d break it down for vulnerability tests.
Q: What made you hate malware and the people behind it?
A: I know a person who lost his whole pension fund when his online banking account was compromised by a piece of malware called Cridex. Also, I read in the news somewhere about a ransomware message that caused a father and son to die. I even attended a panel that demonstrated how much credit card information was stolen from a set of infected PCs. God knows how much more compromised info is floating out there somewhere. Then later on, I helped a person who got his router hacked by a DNS setting changer, which redirected his whole network to a ransom site. That incident really pissed me off. It was the sum total of these events that made me come to believe that those who develop and circulate malware are just as bad as thieves and extortionists.
Q: Do you have a funny story that you want to share?
A: I don’t know if this is gonna be a funny story, but there was a day when I saw my own PC’s info in the credential panel of some scum. Luckily I never use Windows except for tests.
The Future of MMD
Q: What’s in the future for MMD?
A: We hope to transition into an Emergency Response Team that can support security entities, ISP, CERT and governments for threat intelligence and analysis.
Q: What can the infosec community do to help and how?
A: Infosec members are smart people. No doubt about that. If every infosec engineer makes a blog analyzing some malware threat and its source ID, which I do believe that many infosec people have the ability to do, like one blog a month, I surely think that the malware people will have a great deal of pressure mounted against them.
Q: Would you like to add any comments?
A: We can’t just keep on improving security on an individual tool or service basis. To make a difference, we need to put the bad people one by one on trial for the bad stuff they’re doing on the internet. It is the thing that SHOULD be done, and we are all doing what CAN be done to facilitate this process.
If you read this and have the ability to take malware apart, do it, share it, and write about it. If MMD's advice is right, we have to put more pressure on “The Moronz”, as MMD loves to call them. If we pressure them enough, eventually they will feel it, slip up, get caught and get put away.
If you want to talk to MMD or to join the community, reach out to @MalwareMustDie on Twitter!
Claus Cramon Houmann | IT Security Consultant | @ClausHoumann