News

Mumblehard Still Spams

According to researchers at the security firm ESET, the Mumblehard malware system continues to plague Joomla and WordPress content management systems around the world. The report summary states that Mumblehard consists of two components:

• A generic backdoor that "requests commands from its Command and Control server"
• A spam daemon launched through commands received by the backdoor

The company claims it has identified 8500 unique IP addresses during a 7-month period related to Mumblehard attacks. The summary alleges that Mumblehard is distributed via "pirated copies of a Linux and BSD program known as DirectMailer, software sold on the Yellsoft website for $240."

ESET says it has discovered other links with Yellsoft, "Among other things, we found that IP addresses hard-coded in the malware are closely tied to those of Yellsoft." The best remedy will sound familiar: Make sure your systems are patched and up to date.

Launchpad Gets Git

The Ubuntu-sponsored Launchpad project has announced early support for a new feature that will let users host Git repositories directly in Launchpad. The Bazaar code-hosting system used with previous versions of Launchpad has supported importing Git repositories for several years, but earlier versions would not allow direct Git hosting.

The Git distributed version control environment, which recently celebrated its 10th anniversary, was developed by Linus Torvalds and the Linux kernel developers and has since been adopted by many open source projects. Launchpad's blog posts says direct Git hosting is "by far the single most commonly requested feature" and adds that the developers have been busy with the change for several months. The Git support is still in the early stages and does not provide some of the capabilities available with Bazaar code hosting. However, work continues, and the goal is to offer a full range of features for Git repositories.

AMD Posts Code for Linux GPU Driver

AMD has released the source code for the new unified AMDGPU driver. The new release is an important step in the company's unified driver strategy. In the past, Linux users had to choose between the open source AMD Radeon graphics driver and the closed-source AMD Catalyst driver. The new unified strategy builds the open AMDGPU kernel driver into both variants. Rather than inhabiting the kernel directly, the Catalyst driver will become a binary blog in userspace, interacting with the system through the open source AMDGPU driver.

This change might seem subtle and technical, but it has important implications for development and licensing. If the closed-source Catalyst driver does not have to be part of kernel space, it will be easier to include with Linux distributions. Also, the new kernel driver can become a closer part of the mainstream Linux kernel development process. See the Phoronix site for extended coverage of AMD's new Linux driver strategy.