Webopedia on Google+Webopedia on TwitterWebopedia on FacebookTech Bytes Blog
Main » TERM » M »

Mumblehard malware

Mumblehard is a strain of malware that primarily targets web servers running Linux and BSD operating systems and surreptitiously uses the infected systems as spamming bots.

The security firm ESET discovered the Mumblehard malware in April 2015, but there is evidence of the malware remaining under the radar for at least the past five years. ESET gave the malware the Mumblehard moniker because it "mutters spam from your servers," according to the security research firm.

How Mumblehard Works and How to Prevent It from Starting

The Mumblehard malware exploits vulnerabilities in Wordpress and Joomla to execute two components written in Perl. The first component is a backdoor that requests commands from the malware's command and control server, and the second is a spammer daemon that can be launched via a command received by the backdoor.

In addition to exploiting vulnerabilities in Wordpress and Joomla, the Mumblehard malware can also be installed through the distribution and installation of backdoored "pirated" versions of a Linux and BSD program called DirectMailer, which is a software tool used for sending out e-mails in bulk.

The Mumblehard malware backdoor is typically installed in the /tmp or /var/tmp directories, and ESET recommends mounting these directories with the noexec option to prevent the Mumblehard backdoor from being able to start. Those concerned with whether Mumblehard is already installed on a server should first look for unsolicited cronjob entries for all users on the server(s) suspected of being infected.







TECH RESOURCES FROM OUR PARTNERS
LATEST ARTICLES
Slideshow: 5 Hot Holiday Gifts for Tech Enthusiasts

From cute electronic toys to VR gaming, here are 5 hot gifts to give to your special tech enthusiast this holiday season. Read More »

What's Hot in Tech: AI Tops the List

Like everything in technology, AI touches on so many other trends, like self-driving cars and automation, and Big Data and the Internet of Things... Read More »

DevOp's Role in Application Security

As organizations rush to release new applications, security appears to be getting short shrift. DevSecOps is a new approach that holds promise. Read More »

STUDY GUIDES
Java Basics, Part 1

Java is a high-level programming language. This guide describes the basics of Java, providing an overview of syntax, variables, data types and... Read More »

Java Basics, Part 2

This second Study Guide describes the basics of Java, providing an overview of operators, modifiers and control Structures. Read More »

The 7 Layers of the OSI Model

The Open System Interconnection (OSI) model defines a networking framework to implement protocols in seven layers. Use this handy guide to compare... Read More »