Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Sunday, 5 February, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Linux and BSD web servers at risk of sophisticated Mumblehard infection

by The Gurus
April 29, 2015
in Editor's News
Share on FacebookShare on Twitter

Researchers have revealed a family of Linux malware that stayed under the radar for more than five years. The malware, which ESET have named Linux/Mumblehard is targeting servers running Linux and BSD systems.
The primary purpose of this malware is to send spam messages by sheltering behind the reputation of the legitimate IP addresses of the infected machines. “We were able to identify victimised system and began the process of notifying its owners,” said Lead ESET security researcher Marc-Etienne M. Léveillé.  “Now that the technical details about the threat are public, it will be easier for the victims to understand what they face and clean their servers.”
ESET identified over 8500 unique IP addresses affected by Mumblehard during the 7 month research period. ESET say that the malware is made up of two different components. Exploiting vulnerabilities in Joomla and WordPress, the first component is a generic backdoor that requests commands from its Command and Control server. The second component is a full-featured spammer daemon that is launched via a command received by the backdoor.
Mumblehard is also distributed via ‘pirated’ copies of a Linux and BSD program known as DirectMailer, software sold on website Yellsoft for $240. “Our investigation showed strong links with a software company called Yellsoft,” explained Léveillé. “The first link between them is that the IP addresses used as C&C servers for both the backdoor and spamming components are located in the same range as the web server hosting yellsoft.net. The second link is that we have found pirated copies of DirectMailer online that actually silently install the Mumblehard backdoor when run. The pirated copies were also obfuscated by the same packer used by Mumblehard’s malicious components.” explained Léveillé.
ESET advises victims to ‘look for unsolicited cronjob entries for all the users on their servers.’ The full whitepaper can be downloaded here.

FacebookTweetLinkedIn
Tags: BSDCyber SecurityDirectMailerESETinformation securityIP addressJoomlaLinuxMalwareMumblehardSpamWordPressYellsoft
ShareTweetShare
Previous Post

ESET research shows 60% of parents are concerned about their children seeing illicit content online

Next Post

Hackers steal $5 million from Ryanair’s bank account

Recent News

london-skyline-canary-wharf

Ransomware attack halts London trading

February 3, 2023
Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk

Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk

February 2, 2023
JD Sports admits data breach

JD Sports admits data breach

January 31, 2023
Acronis seals cyber protection partnership with Fulham FC

Acronis seals cyber protection partnership with Fulham FC

January 30, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information