Mumblehard Malware

Mumblehard is a strain of malware that primarily targets web servers running Linux and BSD operating systems and surreptitiously uses the infected systems as spamming bots.

The security firm ESET discovered the Mumblehard malware in April 2015, but there is evidence of the malware remaining under the radar for at least the past five years. ESET gave the malware the Mumblehard moniker because it “mutters spam from your servers,” according to the security research firm.

How Mumblehard Works and How to Prevent It from Starting

The Mumblehard malware exploits vulnerabilities in WordPress and Joomla to execute two components written in Perl. The first component is a backdoor that requests commands from the malware’s command and control server, and the second is a spammer daemon that can be launched via a command received by the backdoor.

In addition to exploiting vulnerabilities in WordPress and Joomla, the Mumblehard malware can also be installed through the distribution and installation of backdoored “pirated” versions of a Linux and BSD program called DirectMailer, which is a software tool used for sending out e-mails in bulk.

The Mumblehard malware backdoor is typically installed in the /tmp or /var/tmp directories, and ESET recommends mounting these directories with the noexec option to prevent the Mumblehard backdoor from being able to start. Those concerned with whether Mumblehard is already installed on a server should first look for unsolicited cronjob entries for all users on the server(s) suspected of being infected.

Forrest Stroud
Forrest Stroud
Forrest is a writer for Webopedia. Experienced, entrepreneurial, and well-rounded, he has 15+ years covering technology, business software, website design, programming, and more.

Related Articles

@ Sign

Pronounced at sign or simply as at, this symbol is used in e-mail addressing to separate the user' name from the user's domain name,...

Munging

(MUHN-jing) Munging (address munging), is the act of altering an email address posted on a Web page to make it unreadable to bots and...

How to Create an RSS Feed

In the second installment of RSS how-to, we look at some of the nonrequired (optional) channel and item tags, discuss RSS specifications in-depth and...

Dictionary Attack

(n.) (1) A method used to break security systems, specifically password-based security systems, in which the attacker systematically tests all possible passwords beginning with...

ScalaHosting

ScalaHosting is a leading managed hosting provider that offers secure, scalable, and affordable...

HRIS

Human resources information system (HRIS) solutions help businesses manage multiple facets of their...

Best Managed Service Providers...

In today's business world, managed services are more critical than ever. They can...