Unnoticed For Years, Malware Turned Linux Servers Into Spamming Machines

An anonymous reader writes: For over 5 years, and perhaps even longer, servers around the world running Linux and FreeBSD operating systems have been targeted by an individual or group that compromised them via a backdoor Trojan, then made them send out spam, ESET researchers have found. What's more, it seems that the spammers are connected with a software company called Yellsoft, which sells DirectMailer, a "system for automated e-mail distribution" that allows users to send out anonymous email in bulk. Here's the white paper in which the researchers explain the exploit.

Re:It took 5 years?

[BarbaraHudson]

If you had read both the article and the white paper, you would have known that the operators behind the infection purposefully keep the number low to stay under the radar. It has succeeded for at least 5 years (and possibly up to a decade). And who's to say that others won't copy the technique, now that the assembly code for the unpacker is also given in the white paper?

The reality is that the "many eyes" claim of open source is a myth, and gives a false sense of security.