Linux Malware “Mumblehard”

Unboxing Linux/Mumblehard

Thousands of servers run Linux and FreeBSD, and for the past five years many of them have been infected with sophisticated malware that turns them into spambots.

The malware, discovered by security researchers at the antivirus vendor Eset, has been dubbed “Mumblehard” because it is muttering spam from your servers, as Eset puts it in its 23-page report titled “Unboxing Linux/Mumblehard.”

Mumblehard has two basic components:

  • Backdoor
  • Spamming daemon

Both are written in the Perl programming language and, according to Eset, “feature the same custom packer written in assembly language.”
The backdoor gives the operators remote access to the infected machine: it contacts their command and control servers, fetches commands and runs them on the host. The spamming daemon is a behind-the-scenes process whose only job is sending large batches of spam e-mail from the infected server.

The most worrying part of this:

The Mumblehard operators have been active for over five years, and perhaps even longer, without any disruption.

“Malware targeting Linux and [OpenBSD] servers [is] becoming more and more complex,” Eset researchers wrote. “The fact that the [malware creator] used a custom packer…is somewhat sophisticated.”

Who is responsible for the Spambot network? 

Mumblehard gets onto servers in two ways. The first is by exploiting vulnerabilities in the WordPress and Joomla content management systems. The second is through “pirated” copies of DirectMailer, a Linux and BSD program for sending bulk e-mail that is developed by Yellsoft and sold for $240 through the Russian firm’s website. When an administrator installs a pirated copy of DirectMailer, the Mumblehard operators get a backdoor on that server, which they then use to send spam.

How to detect and prevent it?

Web server administrators should check their servers for a Mumblehard infection by looking for the unwanted cron job the malware adds, which launches the backdoor every 15 minutes. The backdoor itself is usually dropped in /var/tmp or /tmp. Remove the cron entry and the file, and patch the WordPress or Joomla installation it came in through. Mounting /tmp (and /var/tmp) with the noexec option stops a binary dropped there from being run directly, which neutralises this backdoor; keep in mind that noexec does not stop an interpreter such as perl from reading a script stored there, so it is a hardening measure rather than a substitute for cleaning the machine.
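The check described above, as an added example written for this article (it is not code from Eset’s report, and it is not the malware’s own code): it looks for cron entries that launch something from /tmp or /var/tmp and tests whether those directories are mounted noexec. It assumes a POSIX sh with grep, awk and sed, and that cron jobs live in /etc/crontab, /etc/cron.d/ and the per-user spool (/var/spool/cron/crontabs on Debian-style systems, /var/spool/cron elsewhere). The sample crontab and mount table are constructed for the demo, not taken from a real infection.

```shell
#!/bin/sh
# Added example for this article; not code from ESET's report or from the
# Mumblehard operators. Assumptions: POSIX sh with grep, awk and sed; cron
# sources are /etc/crontab, /etc/cron.d/ and the per-user spool directory
# (/var/spool/cron/crontabs on Debian-style systems, /var/spool/cron elsewhere).

# Print cron lines (comments ignored) whose command lives under /tmp or
# /var/tmp. Reads cron text on stdin so it works on a real file or a sample.
find_tmp_cronjobs() {
    grep -E '^[^#]*[[:space:]](/var)?/tmp/'
}

# Exit 0 when the /proc/mounts-style input on stdin lists mountpoint $1 with
# the noexec option; exit 1 otherwise (also when the mountpoint is absent,
# i.e. /tmp is just a directory on the root filesystem).
mount_is_noexec() {
    awk -v mp="$1" '
        $2 == mp { n = split($4, o, ","); for (i = 1; i <= n; i++) if (o[i] == "noexec") found = 1 }
        END { exit found ? 0 : 1 }'
}

# Check the live host: every cron source, then the /tmp and /var/tmp mounts.
scan_system() {
    for f in /etc/crontab /etc/cron.d/* /var/spool/cron/crontabs/* /var/spool/cron/*; do
        [ -f "$f" ] || continue
        find_tmp_cronjobs < "$f" | sed "s|^|$f: |"
    done
    for mp in /tmp /var/tmp; do
        if [ -r /proc/mounts ] && mount_is_noexec "$mp" < /proc/mounts; then
            echo "$mp is mounted noexec"
        else
            echo "WARNING: $mp is not mounted noexec (or is not a separate mount)"
        fi
    done
}

# Constructed sample crontab (not from a real infection): one legitimate job
# and one job that launches a file dropped in /var/tmp every 15 minutes, the
# pattern the article describes for the Mumblehard backdoor.
SAMPLE_CRONTAB='# constructed sample crontab
0 3 * * * root /usr/sbin/logrotate /etc/logrotate.conf
*/15 * * * * /var/tmp/.sysupd >/dev/null 2>&1'

# Constructed /proc/mounts sample: /tmp is noexec, / is not, /var/tmp absent.
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0'

# Run with --scan to check the live host; otherwise demonstrate on the sample.
if [ "${1:-}" = "--scan" ]; then
    scan_system
else
    printf '%s\n' "$SAMPLE_CRONTAB" | find_tmp_cronjobs
fi
```

Run it with `--scan` as root so the per-user crontab spool is readable. A hit from find_tmp_cronjobs is a lead, not proof: confirm by inspecting the file it points at, then remove both the cron entry and the file. Making /tmp a noexec mount (for example a tmpfs entry in /etc/fstab with the noexec option) is what makes mount_is_noexec report success on a real host.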
