Slashdot Mirror


Unnoticed For Years, Malware Turned Linux Servers Into Spamming Machines

An anonymous reader writes: For over 5 years, and perhaps even longer, servers around the world running Linux and FreeBSD operating systems have been targeted by an individual or group that compromised them via a backdoor Trojan, then made them send out spam, ESET researchers have found. What's more, it seems that the spammers are connected with a software company called Yellsoft, which sells DirectMailer, a "system for automated e-mail distribution" that allows users to send out anonymous email in bulk. Here's the white paper in which the researchers explain the exploit.

3 of 180 comments

  1. Who cares? by WombleGoneBad · Score: 5, Informative

    This isn't as interesting as it sounds (or have I misunderstood?). Basically, if you are a spammer, and download binaries of 'cracked' spamming software... surprise surprise, there is a back door in it that lets other spammers use your servers to spam. It is kinda interesting from a technical point of view (putting Perl scripts into ELF binaries), but the headline is very misleading; this is not a serious Linux/BSD security issue.
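
A defender-side triage check for the "Perl script inside an ELF binary" technique the comment above refers to, added here as an example; it is not code from ESET's white paper or from any Mumblehard sample, and both the ELF image and the Perl marker list are constructed for illustration.

```python
import re

# Constructed sample: a minimal ELF64 header, some filler, then a Perl
# script appended inside the image. Not a real Mumblehard binary.
ELF_MAGIC = b"\x7fELF"
SAMPLE_BINARY = (
    ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 9          # e_ident: ELF64, LSB, v1
    + b"\x02\x00\x3e\x00"                              # ET_EXEC, EM_X86_64
    + b"\x00" * 44                                     # rest of the 64-byte header
    + b"\x00" * 64                                     # unrelated code/data
    + b"#!/usr/bin/perl\nuse strict;\nmy $c = 'cmd.constructed.invalid';\n"
      b"sub run { eval(pack('H*', $_[0])); }\nrun($c);\n"
    + b"\x00" * 32
)

# Byte patterns typical of a Perl script body. Several hits inside a native
# executable are a triage signal worth a closer look, not proof of malice.
PERL_MARKERS = [
    rb"#!\s*/usr/bin/(?:env\s+)?perl",
    rb"\buse\s+strict\s*;",
    rb"\bsub\s+\w+\s*\{",
    rb"\beval\s*\(",
    rb"\b(?:un)?pack\s*\(",
]

def is_elf(data: bytes) -> bool:
    """True if the data starts with the ELF magic and a valid class byte (1=32-bit, 2=64-bit)."""
    return data[:4] == ELF_MAGIC and len(data) > 4 and data[4] in (1, 2)

def find_embedded_perl(data: bytes, min_hits: int = 2) -> dict:
    """Report which Perl markers occur in an ELF image and at which offsets.

    Returns {'elf': bool, 'suspicious': bool, 'hits': [(offset, pattern), ...]}.
    A non-ELF input is never flagged: a plain Perl script is expected to contain Perl.
    """
    hits = sorted(
        (m.start(), marker.decode())
        for marker in PERL_MARKERS
        for m in re.finditer(marker, data)
    )
    elf = is_elf(data)
    return {"elf": elf, "suspicious": elf and len(hits) >= min_hits, "hits": hits}

if __name__ == "__main__":
    report = find_embedded_perl(SAMPLE_BINARY)
    print(f"ELF: {report['elf']}, suspicious: {report['suspicious']}")
    for offset, marker in report["hits"]:
        print(f"  offset 0x{offset:x}: {marker}")
```

Pointing the same function at a file read in binary mode gives a quick first pass over a suspect server binary before handing it to a proper disassembler or sandbox.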

  2. Re:Spamming daemon packed inside ELF binary by CoderJoe · Score: 5, Informative

    TFA: "The researchers believe that Mumblehard is also installed on servers compromised via Joomla and Wordpress exploits"

  3. It's in the fine article - download "crack" by dbIII · Score: 5, Informative

    OK, how exactly is this Mumblehard malware loaded and executed on the server, without user action and without the user running as root?

    Via greed driving user interaction in the hope of a "free lunch". From the article:

    The price of the software is $240, but interestingly enough, there is a link to a site offering a "cracked" version of DirectMailer. ... The pirated DirectMailer copies contain the Mumblehard backdoor, and when users install them, they give the operators a backdoor to their servers, and allow them to send spam from and proxy traffic through them.

    So it's a parasite feeding on cheapskate spammers. I'm not sure whether to get annoyed with them or give them a medal.