Malware turned Linux and BSD servers into spamming machines - unnoticed for over 5 years!



Unnoticed for years, malware turned Linux and BSD servers into spamming machines

For over 5 years, and perhaps even longer, servers around the world running Linux and BSD operating systems have been targeted by an individual or group that compromised them via a backdoor Trojan, then made them send out spam, ESET researchers have found.

The researchers began their investigation with a piece of malware they found on a server that was blacklisted for sending spam. They dubbed it Mumblehard. After analyzing it, they found that it has several distinct components: a generic backdoor that contacts its C&C server and downloads the spammer component and a general-purpose proxy.

"Mumblehard components are mainly Perl scripts encrypted and packed inside ELF binaries. In some cases, the Perl script contains another ELF executable with the same packer in the fashion of a Russian nesting doll," researcher Marc-Etienne Leveille shared in a paper detailing their findings. "We got interested in this threat because the way the Perl scripts used by the cybercriminals are packed inside ELF executables is uncommon and more complex than the average server threat."

Full story http://www.net-security.org/malware_news.php?id=3030