Slashdot Mirror


Unnoticed For Years, Malware Turned Linux Servers Into Spamming Machines

An anonymous reader writes: For over 5 years, and perhaps even longer, servers around the world running Linux and FreeBSD operating systems have been targeted by an individual or group that compromised them via a backdoor Trojan, then made them send out spam, ESET researchers have found. What's more, it seems that the spammers are connected with a software company called Yellsoft, which sells DirectMailer, a "system for automated e-mail distribution" that allows users to send out anonymous email in bulk. Here's the white paper in which the researchers explain the exploit.

5 of 180 comments

  1. Spamming daemon packed inside ELF binary by DougPaulson · Score: 3, Interesting

    "Perl code packed inside ELF binary .. The Perl spammer .. The spamming daemon is also written in Perl and packed inside an ELF binary"

    OK. How exactly is this Mumblehard malware loaded and executed on the server, without user action and without the user running as root?
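    The thread's one technical detail is that the spamming daemon is Perl source packed inside an ELF binary. As an added example, not code from the ESET white paper or from any poster here, the script below is a defender's triage heuristic: confirm that a file really is ELF and then look for Perl source markers in its body. The marker list, the weights and the threshold are my own assumptions, and the two sample "binaries" are constructed byte strings (a valid ELF64 header with text appended), not real malware.

```python
"""Triage heuristic for ELF binaries carrying an embedded Perl script.

Added example, not code from the ESET white paper or the thread. The marker
list, weights and threshold are assumptions; the sample binaries are
constructed byte strings, not real malware.
"""
import struct

ELF_MAGIC = b"\x7fELF"

# Perl source markers with rough weights. Generic tokens ("sub ", "my $")
# score low so that an ordinary C binary containing one of them is not
# flagged; the threshold below requires several markers together.
PERL_MARKERS = {
    b"#!/usr/bin/perl": 3,
    b"#!/usr/bin/env perl": 3,
    b"use strict;": 2,
    b"use IO::Socket": 2,
    b"my $": 1,
    b"sub ": 1,
    b"=~ /": 1,
}
SUSPICION_THRESHOLD = 4


def is_elf(data: bytes) -> bool:
    """True if data starts with the ELF magic and a valid class byte (1 = 32-bit, 2 = 64-bit)."""
    return len(data) >= 16 and data[:4] == ELF_MAGIC and data[4] in (1, 2)


def find_perl_markers(data: bytes) -> list:
    """Return (offset, marker) for the first occurrence of each marker present, sorted by offset."""
    hits = []
    for marker in PERL_MARKERS:
        off = data.find(marker)
        if off != -1:
            hits.append((off, marker))
    return sorted(hits)


def scan_blob(data: bytes) -> dict:
    """Score one file image. Non-ELF input is reported but never flagged:
    a plain .pl script is not what this heuristic is looking for."""
    elf = is_elf(data)
    hits = find_perl_markers(data) if elf else []
    score = sum(PERL_MARKERS[m] for _, m in hits)
    return {
        "elf": elf,
        "score": score,
        "markers": [m.decode() for _, m in hits],
        "first_offset": hits[0][0] if hits else None,
        "suspicious": elf and score >= SUSPICION_THRESHOLD,
    }


def scan_file(path: str) -> dict:
    """Convenience wrapper for running the heuristic over files on disk."""
    with open(path, "rb") as fh:
        return scan_blob(fh.read())


def _fake_elf64_header() -> bytes:
    """A syntactically valid 64-byte ELF64 header (constructed; points at no real sections)."""
    e_ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + b"\x00" * 8   # 64-bit, LSB, version 1
    rest = struct.pack("<HHIQQQIHHHHHH",
                       2, 0x3E, 1,          # ET_EXEC, x86-64, EV_CURRENT
                       0x400000, 64, 0,     # entry, phoff, shoff
                       0, 64, 56, 0, 64, 0, 0)
    return e_ident + rest


# Constructed samples: one binary with a Perl script appended after the
# header, one ordinary binary holding only C-style strings.
SAMPLE_PACKED = _fake_elf64_header() + b"\x00" * 32 + (
    b"#!/usr/bin/perl\nuse strict;\nuse IO::Socket;\n"
    b"my $rate = 100;\nsub run { return 1 }\n"
)
SAMPLE_CLEAN = _fake_elf64_header() + b"\x00" * 32 + b"Hello, world\x00GCC: (GNU) 9.3.0\x00"

if __name__ == "__main__":
    for name, blob in (("packed", SAMPLE_PACKED), ("clean", SAMPLE_CLEAN)):
        print(name, scan_blob(blob))
```

    Pointing `scan_file` at every ELF under the usual binary directories gives a quick first pass, and `first_offset` tells an analyst where to start carving. The check only sees plain-text Perl: a loader that stores the script compressed or encoded, which is what "packed" may well mean for a given sample, needs the payload unpacked (or the unpacking routine itself recognised) before this marker search has anything to match.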

  2. Isn't DirectMailer a SPAMMING engine? by Anonymous Coward · Score: 1, Interesting

    I thought DirectMailer was a bulk spamming engine? It seems to be a dog-eat-dog situation.

    i.e. if you install a pirated version of a spamming engine [FOR YOUR OWN USE] it will also spam for other spammers too.

  3. Re: It took 5 years? by grcumb · Score: 5, Interesting

    Yeah, I can't wait to hear how this is spun into a tale of how great OSS is.

    Wait no more!

    The article states that the analysts have identified 8,867 infected IP addresses. In April 2014, Netcraft confirmed that there were roughly 958,919,789 sites on the web at that time. Independently of them, W3Techs state that nearly 68% of servers are running some form of Unix, and the vast majority of those can be safely assumed to be running Linux.

    So let's say, then, that better than half a billion sites are potentially vulnerable to this exploit, but in practical terms, over the course of years, a mere 8,867 of them actually were infected by this exploit. That means that, uh... carry the 9... somewhere around, oh... 0.0017734% of all vulnerable Linux sites have been compromised by a hitherto unknown and unmitigated active exploit.

    Clearly this debacle is indisputable proof that Linux security is a shambolic, shameful charade that needs to be stopped before the world collapses into chaos.

    --
    Crumb's Corollary: Never bring a knife to a bun fight.

  4. Re: It took 5 years? by Plumpaquatsch · Score: 4, Interesting

    Read TFA. The flaw isn't in the OSS.

    You are right. The flaw is in the OSS-users who think that OSS magically makes them secure from Trojans.

    --
    Of course news about a fake are Fake News.

  5. Re: Who cares? by Traxton · Score: 3, Interesting

    I reboot whenever a security fix for the kernel is released, so every few weeks to a couple of months, typically. Maximizing uptime for e-peen shouldn't take priority over applying security fixes, imho.