Mumblehard Still Spams

May 06, 2015

Sophisticated malware is still present on Joomla and WordPress sites around the world.

According to researchers at the security firm ESET, the Mumblehard malware system continues to plague Joomla and WordPress content management systems around the world. The report summary states that Mumblehard consists of two components:

  • a generic backdoor that "requests commands from its Command and Control server"
  • a spam daemon launched through commands received by the backdoor

The company claims it has identified 8500 unique IP addresses during a 7-month period related to Mumblehard attacks. The summary alleges that Mumblehard is distributed via “pirated copies of a Linux and BSD program known as DirectMailer, software sold on the Yellsoft website for $240.”

ESET says it has discovered other links with Yellsoft, “Among other things, we found that IP addresses hard-coded in the malware are closely tied to those of Yellsoft.” The best remedy will sound familiar: make sure your systems are patched and up-to-date.

Related content

  • News

    Updates on technologies, trends, and tools.

comments powered by Disqus

Issue 39: Getting Started with Linux – /Special Editions

Buy this issue as a PDF

Digital Issue: Price $15.99
(incl. VAT)

News