Free Republic

Unnoticed for years, malware turned Linux and BSD servers into spamming machines
HELP NET SECURITY ^ | 01.05.2015 (01 MAY 2015) | Zeljka Zorz, HNS managing editor

Posted on 05/03/2015 4:36:44 PM PDT by Utilizer

For over 5 years, and perhaps even longer, servers around the world running Linux and BSD operating systems have been targeted by an individual or group that compromised them via a backdoor Trojan, then made them send out spam, ESET researchers have found.

What's more, it seems that the spammers are connected with a software company called Yellsoft, which sells DirectMailer, a "system for automated e-mail distribution" that allows users to send out anonymous email.

This operation succeeded in remaining hidden for so long thanks to several factors: the sophistication of the malware used, its stealth and persistence, the fact the spammers aren't constantly infecting new machines, and that each of the infected machines wasn't made to blast out spam all the time.

The researchers began their investigation with a piece of malware they found on a server that was blacklisted for sending spam. They dubbed it Mumblehard. After analyzing it, they found that it has several distinct components: a generic backdoor that contacts its C&C server and downloads the spammer component, and a general-purpose proxy.

(Excerpt) Read more at net-security.org ...


TOPICS: Business/Economy; Computers/Internet
KEYWORDS: bsd; internet; linux; spam
To: buwaya

The article says these are mostly web servers, probably located in data centers. Home users would not be interested in a pirate copy of the type of software offered by this company.

However, it is true that there are many slovenly individuals who rent servers in data centers. You can get a virtual root-server for $14.99 a month nowadays.


21 posted on 05/03/2015 5:39:20 PM PDT by proxy_user
[ Post Reply | Private Reply | To 13 | View Replies]

To: proxy_user; buwaya; Utilizer

I think buwaya was trying to make the point that since home users of Linux download many free apps from just about anywhere, who's to say this type of virus isn't hidden in anything else?


22 posted on 05/03/2015 5:48:18 PM PDT by VeniVidiVici (Hey, hey, GayKKK. Who you gonna lynch today?)
[ Post Reply | Private Reply | To 21 | View Replies]

To: VeniVidiVici

Many ISPs who provide service to home users block the outgoing SMTP port, just for this reason. So if a home user did have such malware, it wouldn’t be very useful.


23 posted on 05/03/2015 5:54:47 PM PDT by proxy_user
[ Post Reply | Private Reply | To 22 | View Replies]
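The article's description of a web server that quietly starts sending spam, and the point in comment 23 that blocking outbound SMTP makes such a bot useless, both come down to one measurable thing: a host that is not the site's mail relay opening TCP/25 connections to many different destinations. The script below is an added example, not from the Help Net Security article, ESET, or anyone in this thread. It assumes a typical iptables gateway setup (rules shown in the comments) in which outbound port-25 attempts are logged, and it runs over constructed log lines, not captured traffic; the addresses are documentation ranges and the relay address is hypothetical.

```shell
#!/bin/sh
# Added example (not from the article or the thread): find hosts behind a gateway
# that have started talking SMTP to the world, by counting distinct destinations
# per source on outbound TCP/25 in the gateway's firewall log.
#
# Assumed gateway rules (hypothetical; 198.51.100.2 is the site's only legitimate
# mail relay). Home ISPs apply the same idea upstream of their customers; a rack
# of rented root servers in a data centre usually has nothing like it:
#   iptables -A FORWARD -p tcp --dport 25 -s 198.51.100.2 -j ACCEPT
#   iptables -A FORWARD -p tcp --dport 25 -j LOG --log-prefix "SMTP-EGRESS: "
#   iptables -A FORWARD -p tcp --dport 25 -j DROP
# While only the LOG rule is in place (monitor mode) everything is logged, relay
# included, which is why the report takes the relay address to exclude.

# Constructed sample of iptables LOG lines, trimmed to the fields used here.
SAMPLE_LOG='Apr 30 02:11:07 gw1 kernel: SMTP-EGRESS: IN=eth1 OUT=eth0 SRC=198.51.100.2 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=25 SYN
Apr 30 02:11:08 gw1 kernel: SMTP-EGRESS: IN=eth1 OUT=eth0 SRC=198.51.100.2 DST=192.0.2.11 PROTO=TCP SPT=40002 DPT=25 SYN
Apr 30 02:11:09 gw1 kernel: SMTP-EGRESS: IN=eth1 OUT=eth0 SRC=198.51.100.7 DST=192.0.2.20 PROTO=TCP SPT=51001 DPT=25 SYN
Apr 30 02:11:09 gw1 kernel: SMTP-EGRESS: IN=eth1 OUT=eth0 SRC=198.51.100.7 DST=192.0.2.20 PROTO=TCP SPT=51002 DPT=25 SYN
Apr 30 02:11:10 gw1 kernel: SMTP-EGRESS: IN=eth1 OUT=eth0 SRC=198.51.100.7 DST=192.0.2.21 PROTO=TCP SPT=51003 DPT=25 SYN
Apr 30 02:11:12 gw1 kernel: SMTP-EGRESS: IN=eth1 OUT=eth0 SRC=198.51.100.7 DST=192.0.2.22 PROTO=TCP SPT=51004 DPT=25 SYN
Apr 30 02:11:13 gw1 kernel: SMTP-EGRESS: IN=eth1 OUT=eth0 SRC=198.51.100.9 DST=192.0.2.30 PROTO=TCP SPT=33001 DPT=25 SYN
Apr 30 02:11:14 gw1 kernel: WEB-EGRESS: IN=eth1 OUT=eth0 SRC=198.51.100.7 DST=192.0.2.40 PROTO=TCP SPT=51005 DPT=443 SYN'

# smtp_egress_report RELAY_IP THRESHOLD < logfile
# Prints "SRC count" for every source other than RELAY_IP that opened TCP/25 to
# at least THRESHOLD distinct destinations. Repeated attempts to the same
# destination count once, so a retrying legitimate client does not trip it; a
# spam bot fans out to many MX hosts, which does.
smtp_egress_report() {
    relay="$1"; threshold="$2"
    awk -v relay="$relay" -v threshold="$threshold" '
        /DPT=25 / || /DPT=25$/ {
            src = ""; dst = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                if ($i ~ /^DST=/) dst = substr($i, 5)
            }
            if (src == "" || src == relay) next
            key = src SUBSEP dst
            if (!(key in seen)) { seen[key] = 1; n[src]++ }
        }
        END { for (s in n) if (n[s] + 0 >= threshold + 0) print s, n[s] }
    ' | sort
}

# Stand-alone run over the constructed sample: flag anything except the relay
# that reached three or more distinct destinations on port 25.
printf '%s\n' "$SAMPLE_LOG" | smtp_egress_report 198.51.100.2 3
```

Against the sample this reports only 198.51.100.7 (three distinct destinations); 198.51.100.9 made a single attempt and stays below the threshold, and the port-443 line is ignored. In a real deployment feed it `/var/log/kern.log` or `journalctl -k` output, and pick the threshold from a few days of monitor-mode logs before switching the DROP rule on. Because the article notes the infected machines were not spamming all the time, run the report over long windows (a day or a week) rather than the last few minutes.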

To: Utilizer

Of course if this was Windows you'd see a ton of snarky comments. But it's not, so not so much snark in this thread, I bet.


24 posted on 05/03/2015 6:27:18 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

Whoa, so this malware exists in the WILD and on OS X?

huh....interesting. I may need to bookmark this one.

On a serious note...malware is serious stuff and anyone who thinks they don’t have to worry is an idiot. Doesn’t matter if you have the most popular OS (Windows) or one of the more obscure OSs (OS X)—you’re at risk.


25 posted on 05/03/2015 6:29:26 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 18 | View Replies]

To: proxy_user

Mine doesn’t. In fact I have a scanner that plugs into my network that can scan directly to email because my ISP doesn’t block SMTP relay from internal users (thank goodness).


26 posted on 05/03/2015 6:30:25 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 23 | View Replies]

To: Swordmaker
PERL is not installed on Apple Macs despite OS X being BSD UNIX™

Beg pardon? Open up a terminal and type "ls -l /usr/bin/perl"...

27 posted on 05/03/2015 6:53:28 PM PDT by Yossarian
[ Post Reply | Private Reply | To 18 | View Replies]

To: VeniVidiVici

I gather from your comments that you are not that familiar with the 'nix OS. Linux does not have many "apps" in the same way that the 'doze system does. There are, however, many programs for different functions available from known and trusted sources called "Repositories" or "repos" for short.

If I need an app for a particular usage I go to the repos to download what I need, either from the Stable / Main for the most reliable version, or to the Unstable / Testing pool for newer versions. For more cutting-edge versions or newer and still-developing programs I can always look into what SourceForge has available, or even Freecode (formerly Freshmeat) for the latest or just-beginning (alpha and beta -level) projects if I am really curious.

People running network servers do not do even that, since the server exists for one function only and that is most definitely NOT installing non-relevant programs. Since anyone who has a website hosted may have their server running on BSD, Linux, or Unix, this potentially affects any user running any machine on the net. A server compromise to effect spamming is not a small problem.


28 posted on 05/03/2015 6:55:14 PM PDT by Utilizer (Bacon A'kbar! - In world today are only peaceful people, and the muzlims trying to kill them)
[ Post Reply | Private Reply | To 22 | View Replies]

To: All

Ahem... “If I need an app” should be: “If I need a program”. We do not “download many free apps from just about anywhere”, in fact.

Need to proofread more. :)


29 posted on 05/03/2015 7:09:14 PM PDT by Utilizer (Bacon A'kbar! - In world today are only peaceful people, and the muzlims trying to kill them)
[ Post Reply | Private Reply | To 28 | View Replies]

To: Utilizer

:-) You sound like a very competent server admin. However, you need to think a bit more outside the box.


30 posted on 05/03/2015 7:37:06 PM PDT by VeniVidiVici (Hey, hey, GayKKK. Who you gonna lynch today?)
[ Post Reply | Private Reply | To 28 | View Replies]

To: Utilizer; ShadowAce; Swordmaker
Hi Utilizer,

Thanks for the ping. I've decided against pinging the Windows list to this given that it's a non-Windows threat, and on the assumption that the Windows admins who are also Unix/Linux admins probably are already on ShadowAce's Tech Ping list and don't need a double ping.

31 posted on 05/03/2015 8:26:05 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)
[ Post Reply | Private Reply | To 4 | View Replies]

To: dayglored

No worries. I just thought that some people on the windows ping list might have homepages running on some version of ‘nix or BSD and might want to know about this. However you are correct that this is not really a windows threat, unless you are a programmer I suppose.

Cheers!


32 posted on 05/03/2015 8:36:11 PM PDT by Utilizer (Bacon A'kbar! - In world today are only peaceful people, and the muzlims trying to kill them)
[ Post Reply | Private Reply | To 31 | View Replies]

To: for-q-clinton
Whoa so this malware exists in the WILD and on OS X?

Read what I wrote. . . it is not on a standard install of OS X and exists only if someone chooses to install PERL. . . and then requires installing a TROJAN on a SERVER. Good luck with that.

33 posted on 05/03/2015 11:09:16 PM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users contnue...)
[ Post Reply | Private Reply | To 25 | View Replies]

To: Yossarian
Beg pardon? Open up a terminal and type "ls -l /usr/bin/perl"...

The OS X libraries for PERL are there but PERL itself is not, they are not installed. . . and not active. PERL has to be installed. You get the same thing for RUBY, etc. The libraries are what you are seeing in the bin folder. So are the libraries for quite a few UNIX™ things that are simply not used. They are there if you want to use them. Then you would take an active step to install PERL to make them available. To do that you would have to enter:

curl -L http://xrl.us/installperlosx | bash

And then license it for your use. Apple makes it available for download.

By the way, not all installs of OS X even have the libraries. My MacBook Air, for example, does not. Space on Flashdrives is at a premium.

Did you by chance opt to install XTools at any time when you did an install? That will get you most of those additional UNIX™ libraries installed.

34 posted on 05/03/2015 11:26:34 PM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users contnue...)
[ Post Reply | Private Reply | To 27 | View Replies]

To: Yossarian
Beg pardon? Open up a terminal and type "ls -l /usr/bin/perl"...

By-the-way, the folder is there on my Macbook Air, but it's empty. Seems the install created the folder, but did not populate it with the libraries. I haven't checked my big install on my iMac, but then I installed a XTools on it. . . so I expect it's got everything there.

35 posted on 05/03/2015 11:33:15 PM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users contnue...)
[ Post Reply | Private Reply | To 27 | View Replies]

To: Swordmaker

Yes, I installed the “Xcode Command-line tools” at some point - that must have installed Perl there.

I also have an install of it over in /opt, since I use MacPorts to get a lot of standard-issue UNIX packages. (Using MacPorts versions is also good so you never monkey with the versions of the standard UNIX tools whose exact behavior Apple depends on. You can upgrade MacPorts versions of tools; Apple will upgrade their tools only when needed.)

I suppose we need to worry about installs going on there, as well.


36 posted on 05/03/2015 11:46:02 PM PDT by Yossarian
[ Post Reply | Private Reply | To 35 | View Replies]

To: Yossarian
Yes, I installed the “Xcode Command-line tools” at some point - that must have installed Perl there.

Bingo.

Only if you are using PERL, I think. . . and careless about what you download.

37 posted on 05/03/2015 11:50:38 PM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users contnue...)
[ Post Reply | Private Reply | To 36 | View Replies]

To: Swordmaker

So it is in the wild. Got it.


38 posted on 05/04/2015 4:05:42 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 33 | View Replies]

To: Swordmaker
I haven't checked my big install on my iMac, but then I installed a XTools on it. . . so I expect it's got everything there.
In a fit of ambition I installed XTools on my first iMac under an early version of OS X. Never did anything with it, and PROBABLY it's not on my current sys since I'm pretty sure that, whereas XTools came free with that first iMac, I would have had to have bought XTools for my later Mac, and I'm rather sure I didn't do that.

What would be an easy way to check that?


39 posted on 05/04/2015 6:20:12 AM PDT by conservatism_IS_compassion ('Liberalism' is a conspiracy against the public by wire-service journalism.)
[ Post Reply | Private Reply | To 35 | View Replies]
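The question in comment 39, "what would be an easy way to check that?", and the back-and-forth in comments 27 through 37 over whether Perl is present on a given Mac, can both be settled by looking rather than guessing. The script below is an added example, not from anyone in the thread. It is read-only, installs nothing, and reports what the machine actually has; the `xcode-select -p` check is the standard way to ask whether the Xcode Command Line Tools (or full Xcode) are selected, and it simply fails on a system without them.

```shell
#!/bin/sh
# Added example, not from anyone in the thread: report which interpreters are on
# PATH and whether the Xcode Command Line Tools are installed. Read-only.

# have_cmd NAME: succeed if NAME is executable somewhere on PATH (any Unix).
have_cmd() { command -v "$1" >/dev/null 2>&1; }

# tool_report NAME...: one line per name, with the path found or "not found".
# A "found" line for perl on a stock Mac means the interpreter is there whether
# or not the developer tools ever were; a "not found" line means it is not.
tool_report() {
    for tool in "$@"; do
        if path=$(command -v "$tool" 2>/dev/null); then
            echo "$tool: $path"
        else
            echo "$tool: not found"
        fi
    done
}

# clt_installed: succeed only on a Mac with the Command Line Tools (or Xcode)
# selected. xcode-select -p prints the active developer directory and exits
# non-zero when there is none; on Linux/BSD xcode-select is simply absent, so
# the have_cmd guard keeps this from erroring out there.
clt_installed() {
    have_cmd xcode-select && xcode-select -p >/dev/null 2>&1
}

# Stand-alone run: what this box actually has.
tool_report perl ruby python
if clt_installed; then
    echo "Command Line Tools: installed at $(xcode-select -p)"
else
    echo "Command Line Tools: not installed (or not a Mac)"
fi
```

If the last line says "not installed" on a Mac and you want them, `xcode-select --install` brings up Apple's installer. The Perl line is reported independently of the Tools result, so running this on two machines (one with the Tools, one without) shows directly whether the two are linked on those installs.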

To: for-q-clinton
So it is in the wild.
In principle. It’s another Trojan, and presumably some Macs are vulnerable, and presumably it isn’t in Apple’s directory of bad apples yet.

But that’s the thing - having a (Windows) system which was vulnerable to viruses made me paranoid - and, being paranoid, I was easily spooked into falling for a Trojan.

It’s so much better to feel secure against viruses, and therefore be that much less susceptible to trojans.


40 posted on 05/04/2015 6:34:40 AM PDT by conservatism_IS_compassion ('Liberalism' is a conspiracy against the public by wire-service journalism.)
[ Post Reply | Private Reply | To 38 | View Replies]



Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.


FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson