Posted on 05/03/2015 4:36:44 PM PDT by Utilizer
For over 5 years, and perhaps even longer, servers around the world running Linux and BSD operating systems have been targeted by an individual or group that compromised them via a backdoor Trojan, then made them send out spam, ESET researchers have found.
What's more, it seems that the spammers are connected with a software company called Yellsoft, which sells DirectMailer, a "system for automated e-mail distribution" that allows users to send out anonymous email.
This operation succeeded in remaining hidden for so long thanks to several factors: the sophistication of the malware used, its stealth and persistence, the fact the spammers aren't constantly infecting new machines, and that each of the infected machines wasn't made to blast out spam all the time.
The researchers began their investigation with a piece of malware they found on a server that was blacklisted for sending spam. They dubbed it Mumblehard. After analyzing it, they found that it has several distinct components: a generic backdoor that contacts its C&C server and downloads the spammer component, and a general-purpose proxy.
(Excerpt) Read more at net-security.org ...
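The article's point that the infected servers were not made to send spam all the time is what let them blend in. As an added example (not from the article or ESET's research), the following Python check runs over a constructed connection log and flags non-mail hosts that open SMTP connections to several distinct destinations over a long window; the log format, host addresses, allowlist and thresholds are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of firewall connection-log lines (not real data).
# Assumed format: "<ISO timestamp> src=<ip> dst=<ip> dport=<port> proto=tcp"
SAMPLE_LOG = """\
2015-04-01T02:10:05 src=10.0.0.5 dst=203.0.113.10 dport=25 proto=tcp
2015-04-01T02:10:07 src=10.0.0.5 dst=203.0.113.11 dport=25 proto=tcp
2015-04-01T09:41:00 src=10.0.0.5 dst=198.51.100.7 dport=25 proto=tcp
2015-04-02T23:15:30 src=10.0.0.5 dst=198.51.100.8 dport=25 proto=tcp
2015-04-02T23:15:31 src=10.0.0.5 dst=198.51.100.9 dport=25 proto=tcp
2015-04-01T08:00:00 src=10.0.0.9 dst=203.0.113.10 dport=25 proto=tcp
2015-04-01T08:00:01 src=10.0.0.9 dst=203.0.113.12 dport=25 proto=tcp
2015-04-01T08:00:02 src=10.0.0.2 dst=203.0.113.12 dport=25 proto=tcp
2015-04-01T12:00:00 src=10.0.0.7 dst=203.0.113.50 dport=443 proto=tcp
"""

LINE_RE = re.compile(r"^(\S+) src=(\S+) dst=(\S+) dport=(\d+) proto=(\S+)$")
KNOWN_MTAS = {"10.0.0.2"}  # assumed: the only host allowed to speak SMTP outbound


def parse(log_text):
    """Yield (timestamp, src, dst, dport) for well-formed lines; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), int(m.group(4))


def smtp_talkers(log_text, window_hours=48, min_distinct_dst=3):
    """Return {src: number of distinct SMTP destinations} for non-MTA hosts that
    reach min_distinct_dst within window_hours of their first outbound port-25
    connection. A long window with a distinct-destination count is what catches
    a host that only sends in occasional short bursts; a one-hour window does not."""
    first_seen = {}
    dsts = defaultdict(set)
    for ts, src, dst, dport in sorted(parse(log_text)):  # chronological order
        if dport != 25 or src in KNOWN_MTAS:
            continue
        first_seen.setdefault(src, ts)
        if (ts - first_seen[src]).total_seconds() <= window_hours * 3600:
            dsts[src].add(dst)
    return {src: len(d) for src, d in dsts.items() if len(d) >= min_distinct_dst}
```

With the default two-day window the bursty host 10.0.0.5 is reported with five distinct destinations, while a one-hour window sees only its first two connections and reports nothing.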
Who didn’t see this coming?
bmfl
Ping.
bookmark
Please change author info title from “HMS” to “HNS”. Typo. :)
Dunno but a lot of cyberpunk writers used this plot point regularly. 30 years ago.
Thanks for finding this, Utilizer.
Welcome. Affects all users so thought you deserved a ping. Cheers.
How could it go unnoticed? Don’t the people who run the servers keep track of what they do?
The big question would be how you manage to install this on servers? Remember, there are no dumb users who will click on a link in an email, it’s a Linux server! Without root access, no malware could be installed.
The following paragraphs are interesting:
“The price of the software is $240, but interestingly enough, there is a link to a site offering a “cracked” version of DirectMailer. The developers explicitly say that they don’t provide technical support for users of pirated versions of DirectMailer downloaded from that site or any other, but the fact that they provide a direct link is strange.”
“The pirated DirectMailer copies contain the Mumblehard backdoor, and when users install them, they give the operators a backdoor to their servers, and allow them to send spam from and proxy traffic through them.”
So in order to get infected, you would have to download the ‘pirated version’, log in as root, and install it. This is a deliberate act by a server administrator who knows he is doing something illegal and risky. I guess end users aren’t the only dumb ones out there.
Linux users (those who run a Linux instance on their personal PC) are all “server administrators”.
And there are piles of free apps/utilities out there, more than one could be compromised.
And, to top it off, Linux users rarely install anti-malware systems, so the scale of infection is unknown.
“What? Run my diamond reports? Naaah, laters...more Halo!!”
The perps should be tracked down and summarily executed.
These are Network Servers, not personal machines being referred to in the article.
First sentence in the article: “For over 5 years, and perhaps even longer, servers around the world running Linux and BSD operating systems have been targeted by an individual or group that compromised them via a backdoor Trojan, then made them send out spam, ESET researchers have found.”
Also first sentence in the thread.
Just FYI.
good nerds are so hard to find these days :p
"Mumblehard components are mainly Perl scripts encrypted and packed inside ELF binaries. In some cases, the Perl script contains another ELF executable with the same packer in the fashion of a Russian nesting doll," researcher Marc-Etienne Leveille shared in a paper detailing their findings. "We got interested in this threat because the way the Perl scripts used by the cybercriminals are packed inside ELF executables is uncommon and more complex than the average server threat."
If you want on or off the Mac Ping List, Freepmail me.
I challenge the members of the Apple ping list to each donate at least $10 each to the latest Freepathon. I HAVE donated $100. Many members of the Apple Ping list are already rising to the challenge. Join them. Let's show the power of the Apple Ping list in supporting Freerepublic!
Very true.
You answered my question as to the vulnerability of OSX, as I remember that it’s built on a Unix base.
Thank you