


Linux Malware Found to be Responsible for Spam Messages

A new investigation has revealed a family of malware called "Mumblehard" that targets web servers running Linux and FreeBSD operating systems. Mumblehard Linux malware gives attackers a backdoor that lets them enter the system and control it, with a second component focused on sending spam messages from the infected servers.

Mumblehard Linux malware identified:

This finding has been made public by researchers at ESET, who claim that the malware goes back to at least 2009. The team of researchers collected statistics on the infected servers for over seven months.

What is Mumblehard Linux malware:

Researchers have divided the Mumblehard malware family into two basic components: a backdoor and a spamming daemon. Written in Perl, the malware enables attackers to send spam messages while sheltering behind the legitimate IP addresses of the infected machines, says Marc-Etienne M.Leveille of ESET.

Leveille further shares the details:

ESET Researchers were able to monitor the Mumblehard backdoor component by registering a domain name used as one of the C&C servers. More than 8,500 unique IP addresses hit the sinkhole with Mumblehard behavior while we were observing the requests coming in.

[...] during the first week of April, more than 3,000 machines were affected by Mumblehard. The number of infected hosts is slowly decreasing, but the overall view shows that infection happens at specific times and that the botnet size has doubled over a 6-month period.

Who is responsible...

The investigation revealed that a company called Yellsoft has possible links to this spam campaign. Yellsoft sells DirectMailer, software for sending bulk e-mail messages. The analysis showed that the IP addresses used for the backdoor and spamming bots were located in the same range as the web server that hosts Yellsoft, confirming the link.

Another link was found in the pirated copies of DirectMailer available online, which install the Mumblehard Linux backdoor when they run.

How to prevent it?

The ESET research team shares how to prevent Mumblehard Linux malware from infecting your web servers:

Victims should look for unsolicited cronjob entries for all the users on their servers. This is the mechanism used by the Mumblehard backdoor to activate the backdoor every 15 minutes. The backdoor is usually installed in /tmp or /var/tmp. Mounting the tmp directory with the noexec option prevents the backdoor from starting in the first place.
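The two checks described above can be scripted. The following is an added example, not ESET's tooling or part of the original article: it flags cron entries that reference /tmp or /var/tmp (tagging 15-minute schedules) and reports whether those directories are mounted noexec. The function names, tags, accounts and the sample file name are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: triage helpers for the two checks above (not ESET's tooling).

# Emit "user<TAB>crontab line" for every account. Needs root; not called by the demo.
all_user_crontabs() {
    cut -d: -f1 /etc/passwd | while read -r u; do
        crontab -l -u "$u" 2>/dev/null | awk -v u="$u" '{ print u "\t" $0 }'
    done
}

# stdin: "user<TAB>crontab line". Prints entries that reference a path under
# /tmp or /var/tmp, tagging those scheduled every 15 minutes.
flag_cron() {
    awk -F'\t' '
        { line = $2; sub(/^[ \t]+/, "", line) }
        line == "" || line ~ /^#/ { next }              # blanks and comments
        line ~ "(^|[^A-Za-z0-9_./-])(/var)?/tmp/" {
            split(line, f, /[ \t]+/)                     # f[1] = minute field
            tag = (f[1] == "*/15" || f[1] == "0,15,30,45") ? "TMP-EXEC+15MIN" : "TMP-EXEC"
            printf "%s\t%s\t%s\n", tag, $1, line
        }'
}

# stdin: /proc/mounts-format text. Reports the noexec state of /tmp and /var/tmp.
# NOT-A-MOUNT means the directory has no mount entry of its own.
check_noexec() {
    awk '
        $2 == "/tmp" || $2 == "/var/tmp" { seen[$2] = 1; opts[$2] = "," $4 "," }
        END {
            n = split("/tmp /var/tmp", dirs, " ")
            for (i = 1; i <= n; i++) {
                d = dirs[i]
                if (!(d in seen))                          print "NOT-A-MOUNT " d
                else if (index(opts[d], ",noexec,") == 0)  print "MISSING-NOEXEC " d
                else                                       print "OK " d
            }
        }'
}

# Constructed sample data (file name and accounts are made up).
SAMPLE_CRON=$(printf '%s\t%s\n' \
    www-data '*/15 * * * * /var/tmp/qXyZabc >/dev/null 2>&1' \
    root     '0 3 * * * /usr/sbin/logrotate /etc/logrotate.conf' \
    bob      '30 2 * * * /home/bob/tmp/backup.sh')
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0'

printf '%s\n' "$SAMPLE_CRON"   | flag_cron
printf '%s\n' "$SAMPLE_MOUNTS" | check_noexec
```

On a live server, run `all_user_crontabs | flag_cron` as root and `check_noexec < /proc/mounts`; flagged cron lines are candidates for review, since legitimate jobs may also write to /tmp.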

To download the white paper, please visit ESET.

Source: https://wccftech.com/mumblehard-linux-malware-infects-web-servers/

Posted by: godwinletly1968.blogspot.com
