
Spam-blasting malware infects thousands of Linux and FreeBSD servers


securitybreach


Several thousand computers running the Linux and FreeBSD operating systems have been infected over the past seven months with sophisticated malware that surreptitiously makes them part of a renegade network blasting the Internet with spam, researchers said Wednesday. The malware likely infected many more machines during the five years it's known to have existed.

Most of the machines infected by the so-called Mumblehard malware are believed to run websites, according to the 23-page report issued by researchers from antivirus provider Eset. During the seven months that they monitored one of its command and control channels, 8,867 unique IP addresses connected to it, with 3,000 of them joining in the past three weeks. The discovery is reminiscent of Windigo, a separate spam botnet made up of 10,000 Linux servers that Eset discovered 14 months ago.

The Mumblehard malware is the brainchild of experienced and highly skilled programmers. It includes a backdoor and a spam daemon, which is a behind-the-scenes process that sends large batches of junk mail. These two main components are written in Perl and they're obfuscated inside a custom "packer" that's written in assembly, a low-level programming language that closely corresponds to the native machine code of the computer hardware it runs on. Some of the Perl script contains a separate executable with the same assembly-based packer that's arranged in the fashion of a Russian nesting doll. The result is a very stealthy infection that causes production servers to send spam and may serve other nefarious purposes...

http://arstechnica.c...reebsd-servers/

Before you start getting worried, this sounds like targeted attacks against mail servers only and should be patched very soon.


atiustira

Yes, and our buddy is a good writer also. But even before meeting our friend, I have been recommending Eset. Hey, what do you think of that snort rule? Would know what is going across the network and catch it without having to wait for a patch! Pretty cool...


Hello,

The main vector for this particular spam-sending malware is pirated copies of a spam-sending program.

It appears the authors of the original spam sender released the infected version, so people who pirate the software would be using an infected copy they could use to send spam themselves.

It is all very meta.

Regards,

Aryeh Goretsky


Hedon James

The main vector for this particular spam-sending malware is pirated copies of a spam-sending program.

It appears the authors of the original spam sender released the infected version, so people who pirate the software would be using an infected copy they could use to send spam themselves.

Now THAT is funny to me! (and perhaps even a bit clever?) Just another argument to endorse FOSS software, IMO. If you want "free" software, make sure it's also "open source software"! Aw heck...just use Linux for maximum protection OOTB!!!
