How to protect Linux and FreeBSD servers from Mumblehard malware
Thousands of computers and web servers running Linux and FreeBSD operating systems have been infected over the past five years with sophisticated malware that turns the machines into spambots.
The new Linux malware, discovered by the security researchers, has been dubbed "Mumblehard" because it is muttering spam from your servers, says ESET's 23-page report (PDF) titled "Unboxing Linux/Mumblehard."
Researchers logged more than 8,500 unique IP addresses hit by the Mumblehard Linux malware during the seven-month research period, and found that over 3,000 machines joined them in the past three weeks.
Mumblehard features two basic components:
- Backdoor
- Spamming daemon

Both are written in the Perl programming language and "feature the same custom packer written in assembly language."
The backdoor allows hackers to infiltrate the system and control the command and control servers, and the spamming daemon is a behind-the-scenes process that focuses on sending large batches of spam emails from the infected servers.
Who is responsible for the spambot network?
The Mumblehard Linux malware actually exploits vulnerabilities in WordPress and Joomla content management systems in order to get into the servers.
Additionally, Mumblehard is also distributed through 'pirated' versions of a Linux and BSD program called DirectMailer, software developed by Yellsoft that is used for sending bulk e-mails and sold for $240 through the Russian firm's website.
So, when a user installs the pirated version of the DirectMailer software, the Mumblehard operators get a backdoor to the user's server that allows hackers to send spam messages.
How to prevent the threat?
Web server administrators should check their servers for Mumblehard infections by looking for unwanted cronjob entries added by the malware in an attempt to activate the backdoor every 15 minutes.
The backdoor is generally located in the /var/tmp or /tmp folders.
You can deactivate this backdoor by mounting the tmp directory with the noexec option.
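
The two checks above (cron entries that run something from /tmp or /var/tmp, and whether those directories are mounted noexec) can be scripted. This is an added example, not part of the original post; the function names are hypothetical, the sample crontab and mount table are constructed, and the mount table is assumed to be in Linux /proc/mounts format.

```shell
#!/bin/sh
# Added example: audit helpers for the cron and noexec checks described above.

# Print "file:line: [tag] entry" for cron lines that reference a path under
# /tmp or /var/tmp; tag is "every-15-min" when the minute field is */15.
suspicious_cron_entries() {
    awk '
        /^[ \t]*#/ { next }                       # skip comment lines
        /[ \t]\/(var\/)?tmp\// {                  # path under a tmp directory
            tag = ($1 == "*/15") ? "every-15-min" : "other-schedule"
            print FILENAME ":" FNR ": [" tag "] " $0
        }' "$@"
}

# Print noexec, exec or not-a-mountpoint for directory $1, reading the mount
# table in $2 (default /proc/mounts). The last matching line wins (overmounts).
mount_exec_status() {
    awk -v d="$1" '
        $2 == d { found = 1; opts = $4 }
        END {
            if (!found) { print "not-a-mountpoint"; exit }
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == "noexec") { print "noexec"; exit }
            print "exec"
        }' "${2:-/proc/mounts}"
}

# Write constructed sample inputs (not real infection data) into directory $1.
make_samples() {
    cat > "$1/crontab" <<'EOF'
# m h dom mon dow command
0 3 * * * /usr/local/bin/backup.sh
*/15 * * * * /var/tmp/constructed_name >/dev/null 2>&1
EOF
    cat > "$1/mounts" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
EOF
}

# Demo on the constructed samples.
d=$(mktemp -d) && make_samples "$d"
suspicious_cron_entries "$d/crontab"
for m in /tmp /var/tmp; do echo "$m: $(mount_exec_status "$m" "$d/mounts")"; done
rm -rf "$d"
```

On a live Linux host, pass the real crontab files (for example /etc/crontab and the per-user spool files) to `suspicious_cron_entries` and call `mount_exec_status` without a second argument. A result of `not-a-mountpoint` means the directory inherits the options of its parent filesystem, so noexec is not applied to it separately.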