• Total Posts: 42232
  • Total Topics: 15535
  • Online Today: 1340
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)

Author Topic: Wordpress's & Joomla's malware is turning BSD & Linux server into spam zombies!  (Read 4457 times)

0 Members and 1 Guest are viewing this topic.


  • SCF Administrator
  • *****
  • Posts: 7528
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • - Samker's Computer Forum

The Mumblehard malware is turning Linux and BSD server into spam-spewing zombies.

Security researchers at ESET have logged over 8,500 unique IP addresses during a seven-month research period looking into the junk-mail-linked malware menace.

Mumblehard is made up of two different components. The first component is a generic backdoor that requests commands from its command and control server. The second component is a "full-featured spammer daemon" process, which is launched via a command received via the backdoor.

The malware exploits vulnerabilities in Joomla (the content management system) and WordPress (the much-hacked blogging and CMS platform), as explained in greater depth in a blog post by ESET here:

Mumblehard is also distributed via ‘pirated’ copies of a Linux and BSD program known as DirectMailer, bulk mailer software developed by Yellsoft and sold through the Russian firm's website for $240. “Our investigation showed strong links with a software company called Yellsoft,” explained ESET malware researcher Marc-Etienne M.Léveillé.

“Among other discoveries, we found that IP addresses hard-coded in the malware are closely tied to those of Yellsoft,” explained Léveillé.

El Reg approached Yellsoft for comment via Twitter (since its didn't resolve). We haven't heard anything back at the time of going to press.

ESET's in-depth technical research paper, entitled Unboxing Linux/Mumblehard – Muttering Spam for your Servers can be found here here (pdf):

Attacks of this type are far from unprecedented. For example, malware dubbed Mayhem was caught spreading through Linux and FreeBSD web servers in Russia and elsewhere last July. The crimeware spread by exploited unpatched blogging platform plug-ins.


Samker's Computer Forum -


With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters)

Enter your email address to receive daily email with ' - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising