Undiscovered Malware Turns Linux And BSD Servers Into Spamming Botnets
"We were able to identify victimized system and began the process of notifying its owners," said Lead ESET security researcher Marc-Etienne M. Léveillé. "This is not trivial, as we identified over 8500 unique IP addresses during 7 month research period! Now that the technical details about the threat are public, it will be easier for the victims to understand what they face and clean their servers."
Image Source: Flickr (Christian Barmala)
The researchers sort of stumbled onto the scheme when they found a piece of malware on a server that was blacklisted for sending spam. Dubbed "Mumblehard," the malware consists of a generic backdoor that contacts its Command and Control (C&C) server to download a spammer component and general purpose proxy.
After doing a bit of investigating, researchers found that the malware was tied to a company called Yellsoft, which sells DirectMailer, a "system for automated email distribution" that allows users to send anonymous email. DirectMailer is written in Perl and runs on UNIX-type systems, just like Mumblerhard.
The software runs $240, though interestingly enough the developers provide a link to a site that offers a cracked copy, noting that they don't provide technical support for pirated copies. However, the fact that they're linking to the cracked copy is downright shady.
ESET's researchers confirmed that the cracked copy contains the Mumblehard backdoor -- once installed, the operations are able to send spam from and proxy traffic through the infected system. It's not known if the paid version also contains malware.