The last time Hackerfall tried to access this page, it returned a not found error. A cached version of the page is below, or click here to continue anyway

Linux and BSD Web Servers At Risk Of Sophisticated Mumblehard Infection, Says ESET | ESET

28 Apr 2015

ESET, a global pioneer in proactive protection for more than two decades, has today published its in-depth technical research paper, entitled Unboxing Linux/Mumblehard - Muttering Spam for your Servers. Linux/Mumblehard targets servers running Linux and BSD systems. The primary purpose of this malware is to use infected systems for spamming bots. 

We were able to identify victimised system and began the process of notifying its owners, said Lead ESET security researcher Marc-Etienne M. Lveill. This is not trivial, as we identified over 8500 unique IP addresses during 7 month research period! Now that the technical details about the threat are public, it will be easier for the victims to understand what they face and clean their servers.

ESET researchers say the malware is made up of two different components. Exploiting vulnerabilities in Joomla and Wordpress, the first component is a generic backdoor that requests commands from its Command and Control server. The second component is a full-featured spammer daemon that is launched via a command received by the backdoor. Mumblehard is also distributed via pirated copies of a Linux and BSD program known as DirectMailer, software sold on the Yellsoft website for $240.

Our investigation showed strong links with a software company called Yellsoft, explained Lveill. Among other discoveries, we found that IP addresses hard-coded in the malware are closely tied to those of Yellsoft, explained Lveill.

ESET reminds web administrators to ensure that web servers operating system and applications are kept up to date with patches as well as running reputatable security software such as

ESET Server Security


To learn more about the Linux/Mumblehard malware family, download ESETs in-depth technical research paper, entitled

Unboxing Linux/Mumblehard - Muttering Spam for your Servers


About ESET

Since 1987, ESET has been developing award-winning security software that now helps over 100 million users to Enjoy Safer Technology. Its broad security product portfolio covers all popular platforms and provides businesses and consumers around the world with the perfect balance of performance and proactive protection. The company has a global sales network covering 180 countries, and regional offices in Bratislava, San Diego, Singapore and Buenos Aires. For more information visit or follow us on LinkedInFacebook and Twitter

Continue reading on