If You Haven’t Heard Of Mumblehard Spamming Malware, You’re Probably At Risk
- May 6, 2015
After you finish reading about Mumblehard you’ll develop a new appreciation for how quickly the recent WordPress vulnerabilities have been discovered and dealt with.
Researchers at the security firm ESET have discovered a suite of Linux malware that may have existed without detection for more than five years.
The Mumblehard group has both what’s known as a “backdoor” and a spam function; according to the experts, the code used to build this malware is more developed than most spamming software, which may explain its ability to remain under wraps for such a long period of time.
In the software community, after all, five years may as well be fifty.
Mumblehard may be well written, but its purpose appears to be rather simple: it sends spam under the guise of the IP addresses of computers all over the world.
According to discoverers at ESET,
“More than 8,500 unique IP addresses hit the sinkhole with Mumblehard behavior while we were observing the requests coming in.”
As this was over the period of just one day, the malware has likely found its way into the systems of a very large number of devices.
So, how do I get rid of it?
Further information from ESET advises users to look for “unsolicited cronjob entries for all the users on their servers. This is the mechanism used by the Mumblehard backdoor to activate the backdoor every 15 minutes. The backdoor is usually installed under the name ‘/tmp’ or ‘/var/tmp.’ Mounting the tmp directory with the noexec option prevents the backdoor from starting in the first place.”
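As an added example (not the article’s or ESET’s code), the following POSIX shell script triages crontab entries for the two indicators quoted above, a job firing every 15 minutes or a command launched from /tmp or /var/tmp, and checks whether a mount point carries the noexec option. The sample crontab is constructed, and the file paths are assumptions.

```shell
#!/bin/sh
# Added example, not ESET's tooling: look for the cron indicators quoted
# above and for the noexec mitigation. Paths and the sample are assumptions.

# Print crontab lines that either run every 15 minutes ("*/15 ...") or
# execute something under /tmp or /var/tmp. Reads crontab text on stdin;
# comment lines are ignored.
flag_cron_lines() {
    grep -v '^[[:space:]]*#' \
      | grep -E '(^[[:space:]]*\*/15[[:space:]]|[[:space:]]/(var/)?tmp/)'
}

# Walk every local user's crontab plus the system-wide crontabs and print
# hits prefixed with their owner. Needs root to read other users' spools.
scan_all_crontabs() {
    cut -d: -f1 /etc/passwd | while read -r user; do
        crontab -l -u "$user" 2>/dev/null | flag_cron_lines | sed "s|^|$user: |"
    done
    cat /etc/crontab /etc/cron.d/* 2>/dev/null | flag_cron_lines | sed 's|^|system: |'
}

# Exit 0 if the mount point given as $1 is mounted with noexec, 1 otherwise.
mount_is_noexec() {
    findmnt -no OPTIONS "$1" 2>/dev/null | tr ',' '\n' | grep -qx noexec
}

# Constructed sample crontab (not a real capture) for a dry run.
CONSTRUCTED_CRONTAB='# constructed sample
0 2 * * * /usr/bin/backup.sh
*/15 * * * * /var/tmp/abcdef >/dev/null 2>&1
30 * * * * /tmp/.x/run
*/5 * * * * /usr/local/bin/healthcheck'

# Dry run against the sample: prints the two suspicious lines only.
printf '%s\n' "$CONSTRUCTED_CRONTAB" | flag_cron_lines
```

On a live host run `scan_all_crontabs` as root and `mount_is_noexec /tmp` (and `/var/tmp`); a hit is a lead for investigation, not proof of infection, since legitimate jobs can also run from tmp directories.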