Slashdot Mirror


Unnoticed For Years, Malware Turned Linux Servers Into Spamming Machines

An anonymous reader writes: For over 5 years, and perhaps even longer, servers around the world running Linux and FreeBSD operating systems have been targeted by an individual or group that compromised them via a backdoor Trojan, then made them send out spam, ESET researchers have found. What's more, it seems that the spammers are connected with a software company called Yellsoft, which sells DirectMailer, a "system for automated e-mail distribution" that allows users to send out anonymous email in bulk. Here's the white paper in which the researchers explain the exploit.

6 of 180 comments

  1. Most Linux distros ship with malware by default.. by Anonymous Coward · Score: -1, Troll

    It's called systemd

  2. Re:Summing up + Translation(babble to information) by Anonymous Coward · Score: -1, Troll

    Thank you, Linux Apologist. Your well-earned herring will arrive in the mail in 4-6 weeks.

  3. Re:Detector, please by BitZtream · Score: -1, Troll

    Just for reference, just because you have some raspberry pi's running Linux, doesn't really mean you should be saying you run some servers.

    Second, if you don't know how to detect this, you shouldn't be running servers.

    Third, if you don't know how to prevent this from being useful, OR you don't take those actions by default, you shouldn't be running anything other than Windows.

    --
    Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager

  4. Re:Spamming daemon packed inside ELF binary by Khyber · Score: 0, Troll

    " It's a random program that someone has decided to install"

    FTA: "The researchers believe that Mumblehard is also installed on servers compromised via Joomla and Wordpress exploits"

    The bare fucking minimum you could do is read the fucking article before going off on a holier-than-thou rant AND BEING STRAIGHT FUCKING WRONG.

    "But, please, continue to think you're superior because "lol OS is insecure""

    I'm superior because I can at least RTFA and get correct information. The only thing you're superior at is opening your useless mouth.

    --
    Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.

  5. Re:It took 5 years? by BarbaraHudson · Score: 1, Troll

    If you had read both the article and the white paper, you would have known that the operators behind the infection purposefully keep the number low to stay under the radar. It has succeeded for at least 5 years (and possibly up to a decade). And who's to say that others won't copy the technique, now that the assembly code for the unpacker is also given in the white paper?

    The reality is that the "many eyes" claim of open source is a myth, and gives a false sense of security.

    --
    "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.

  6. Re:Detector, please by Khyber · Score: -1, Troll

    "Just for reference, just because you have some raspberry pi's running Linux, doesn't really mean you should be saying you run some servers."

    Just like you can't say you run servers, because your shit 1P hardware doesn't even come close to my system.

    "Second, if you don't know how to detect this, you shouldn't be running servers."

    No, they shouldn't be running LINUX. Not that I'd recommend Linux to anyone anyways, given the attitude like yours that's given when people ASK A FUCKING QUESTION.

    "Third, if you don't know how to prevent this from being useful, OR you don't take those actions be default, you shouldn't be running anything other than Windows."

    If you can't provide an immediate answer to the person's question (How is this detected) then you're just as fucking useless. By the way, since the paper doesn't explain detection methods, only that this was discovered after someone had their server blackholed and was ASKING FOR ASSISTANCE, you can't run to your shit default "RTFA/M" meme, now.

    So, start talking, or admit YOU DON'T EVEN KNOW THE ANSWER YOURSELF.

    --
    Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.