Free Republic
Browse · Search
General/Chat
Topics · Post Article

To: Utilizer; ~Kim4VRWC's~; 1234; Abundy; Action-America; acoulterfan; AFreeBird; Airwinger; Aliska; ...
Unnoticed for years, malware turned Linux and BSD servers into spamming machines

For over 5 years, and perhaps even longer, servers around the world running Linux and BSD operating systems have been targeted by an individual or group that compromised them via a backdoor Trojan, then made them send out spam, ESET researchers have found.

What's more, it seems that the spammers are connected with a software company called Yellsoft, which sells DirectMailer, a "system for automated e-mail distribution" that allows users to send out anonymous email.

This operation succeeded in remaining hidden for so long thanks to several factors: the sophistication of the malware used, its stealth and persistence, the fact the spammers aren't constantly infecting new machines, and that each of the infected machines wasn't made to blast out spam all the time.

The exploit is designed to use Linux and BSD UNIX™ based PERL language scripts.

"Welcome. Affects all users so thought you deserved a ping. Cheers."— Utilizer

As I said, thanks for the ping, but not all users, Utilizer. . . except all users get spam.

PERL is not installed on Apple Macs despite OS X being BSD UNIX™. . . but on certain Xservers it may be. PERL has to be deliberately installed before it will exist on an OS X Mac. Even if OS X user Tools are installed, PERL requires a deliberate act on the part of the user to be installed.

"Mumblehard components are mainly Perl scripts encrypted and packed inside ELF binaries. In some cases, the Perl script contains another ELF executable with the same packer in the fashion of a Russian nesting doll," researcher Marc-Etienne Leveille shared in a paper detailing their findings. "We got interested in this threat because the way the Perl scripts used by the cybercriminals are packed inside ELF executables is uncommon and more complex than the average server threat."


PINGING the list because some may have installed PERL for specific applications or are running a server app that requires PERL and DO need to check for this damned intrusion. PING!


Apple OS X BSD UNIX™ Security Ping!

If you want on or off the Mac Ping List, Freepmail me.

I challenge the members of the Apple ping list to each donate at least $10 each to the latest Freepathon. I HAVE donated $100. Many members of the Apple Ping list are already rising to the challenge. Join them. Let's show the power of the Apple Ping list in supporting Freerepublic!

If you have ordered an Apple Watch,
MAKE A DONATION TO THE FREEPATHON!

18 posted on 05/03/2015 5:19:24 PM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)


To: Swordmaker

You answered my question as to the vulnerability of OSX, as I remember that it’s built on a unix base[?]

Thank you


20 posted on 05/03/2015 5:23:24 PM PDT by MeshugeMikey ("Never, Never, Never, Give Up," Winston Churchill ><>)

To: Swordmaker

Whoa so this malware exists in the WILD and on OSX?

huh....interesting. I may need to bookmark this one.

On a serious note...malware is serious stuff and anyone who thinks they don’t have to worry is an idiot. Doesn’t matter if you have the most popular OS (Windows) or one of the more obscure OSs (OS X)—you’re at risk.


25 posted on 05/03/2015 6:29:26 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)

To: Swordmaker
PERL is not installed on Apple Macs despite OS X being BSD UNIX™

Beg pardon? Open up a terminal and type "ls -l /usr/bin/perl"...

27 posted on 05/03/2015 6:53:28 PM PDT by Yossarian



FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson