Linux and BSD Web Servers At Risk Of Sophisticated Mumblehard Infection, Says ESET

Next story

ESET®, a global pioneer in proactive protection for more than two decades, has today published its in-depth technical research paper, entitled ‘Unboxing Linux/Mumblehard - Muttering Spam for your Servers’.
Linux/Mumblehard targets servers running Linux and BSD systems. The primary purpose of this malware is to use infected systems for spamming bots. 

“We were able to identify victimised system and began the process of notifying its owners,” said Lead ESET security researcher Marc-Etienne M. Léveillé. “This is not trivial, as we identified over 8500 unique IP addresses during 7 month research period! Now that the technical details about the threat are public, it will be easier for the victims to understand what they face and clean their servers.”

ESET researchers say the malware is made up of two different components. Exploiting vulnerabilities in Joomla and Wordpress, the first component is a generic backdoor that requests commands from its Command and Control server. The second component is a full¬-featured spammer daemon that is launched via a command received by the backdoor. Mumblehard is also distributed via ‘pirated’ copies of a Linux and BSD program known as DirectMailer, software sold on the Yellsoft website for $240.

“Our investigation showed strong links with a software company called Yellsoft,” explained Léveillé. “Among other discoveries, we found that IP addresses hard-coded in the malware are closely tied to those of Yellsoft,” explained Léveillé.

ESET reminds web administrators to ensure that web servers operating system and applications are kept up to date with patches as well as running reputatable security software such as ESET Server Security.  
To learn more about the Linux/Mumblehard malware family, download ESET’s in-depth technical research paper, entitled ‘Unboxing Linux/Mumblehard - Muttering Spam for your Servers’.

About ESET

Since 1987, ESET® has been developing award-winning security software that now helps over 100 million users to Enjoy Safer Technology. Its broad security product portfolio covers all popular platforms and provides businesses and consumers around the world with the perfect balance of performance and proactive protection. The company has a global sales network covering 180 countries, and regional offices in Bratislava, San Diego, Singapore and Buenos Aires. For more information visit or follow us on LinkedInFacebook and Twitter