Mumblehard Still Spams

May 06, 2015

Sophisticated malware is still present on Joomla and WordPress sites around the world.

According to researchers at the security firm ESET, the Mumblehard malware system continues to plague Joomla and WordPress content management systems around the world. The report summary states that Mumblehard consists of two components:

  • a generic backdoor that "requests commands from its Command and Control server"
  • a spam daemon launched through commands received by the backdoor

The company claims it has identified 8500 unique IP addresses during a 7-month period related to Mumblehard attacks. The summary alleges that Mumblehard is distributed via “pirated copies of a Linux and BSD program known as DirectMailer, software sold on the Yellsoft website for $240.”

ESET says it has discovered other links with Yellsoft, “Among other things, we found that IP addresses hard-coded in the malware are closely tied to those of Yellsoft.” The best remedy will sound familiar: make sure your systems are patched and up-to-date.

Related content

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More

News