
posted by CoolHand on Saturday May 02 2015, @02:35AM
from the check-your-servers-boys(and-gals) dept.

http://arstechnica.com/security/2015/04/30/spam-blasting-malware-infects-thousands-of-linux-and-freebsd-servers/

Several thousand computers running the Linux and FreeBSD operating systems have been infected over the past seven months with sophisticated malware that surreptitiously makes them part of a renegade network blasting the Internet with spam, researchers said Wednesday. The malware likely infected many more machines during the five years it's known to have existed.

Most of the machines infected by the so-called Mumblehard malware are believed to run websites, according to the 23-page report [PDF] issued by researchers from antivirus provider Eset. During the seven months that they monitored one of its command and control channels, 8,867 unique IP addresses connected to it, with 3,000 of them joining in the past three weeks. The discovery is reminiscent of Windigo, a separate spam botnet made up of 10,000 Linux servers that Eset discovered 14 months ago.

The Mumblehard malware is the brainchild of experienced and highly skilled programmers. It includes a backdoor and a spam daemon, which is a behind-the-scenes process that sends large batches of junk mail. These two main components are written in Perl and they're obfuscated inside a custom "packer" that's written in assembly, a low-level programming language that closely corresponds to the native machine code of the computer hardware it runs on. Some of the Perl script contains a separate executable with the same assembly-based packer that's arranged in the fashion of a Russian nesting doll. The result is a very stealthy infection that causes production servers to send spam and may serve other nefarious purposes.

  • (Score: 2) by Marand (1081) on Saturday May 02 2015, @03:48AM (#177754)

    And to any filthy PHP-lovers out there: don't get mad, it's just a joke. We all have our own secret programming shames. :)

    For example, I happen to like Perl and Ruby more than the internet's darling language, Python.
