Underworld runs a malware collector who visits websites attempting to download any malware from the site. Today’s number one way of infection is thru “drive by malware” spread on legit websites. The website could either be hacked or someone bought advertisement that is spreading malware.
The malware collector uses several sources in order to create a list of websites to visit. The project focuses on websites popular to Norway.
A cluster of sandboxes with specialized software visits and if the website attempts to exploit known vulnerabilities the collector downloads the malware and sends it to the malware database.
The data collected is used to warn internet providers, hosting providers, the community and National computer emergency response teams across the globe.