Unnoticed for years, malware turned Linux and BSD servers into spamming machines
Eduardo Morras
emorrasg at yahoo.es
Sun May 3 18:36:09 UTC 2015
On Sun, 03 May 2015 12:23:53 -0600
jd1008 <jd1008 at gmail.com> wrote:
> More importantly, how do we disinfect? Reinstall the system?
> But the infiltration was done to a freshly installed system.
> We need to know what filenames are involved!!
You have the original news here:
http://www.eset.com/int/about/press/articles/malware/article/linux-and-bsd-web-servers-at-risk-of-sophisticated-mumblehard-infection-says-eset/
Here you can download a PDF describing it:
http://www.welivesecurity.com/wp-content/uploads/2015/04/mumblehard.pdf
And more info:
http://thehackernews.com/2015/05/Mumblehard-Linux-Malware.html
Last lines say:
"Web server administrators should check their servers for Mumblehard infections by looking for the so-called unwanted cronjob entries added by the malware in an attempt to activate the backdoor every 15-minute increments.
The backdoor is generally located in the /var/tmp or /tmp folders. You can deactivate this backdoor by mounting the tmp directory with the noexec option."
HTH
--- ---
Eduardo Morras <emorrasg at yahoo.es>
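The check and mitigation quoted in the message above, as an added sketch (not part of the original post or of the linked reports): it flags cron entries that run something from /tmp or /var/tmp, and reports which of those directories are not covered by a noexec mount. Function names are hypothetical, and the crontab and mount lines are constructed samples.

```shell
#!/bin/sh
# Added example, not from the original post. All sample data below is constructed.

# Read crontab text on stdin; print entries that run something from /tmp or /var/tmp.
# Entries on a 15-minute schedule get the stronger tag.
suspicious_cron_lines() {
  awk '
    /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
    /(^|[ \t])\/(var\/)?tmp\/[^ \t]+/ {          # a path token under /tmp or /var/tmp
      tag = ($1 == "*/15" || $1 == "0,15,30,45") ? "tmp-exec+15min" : "tmp-exec"
      print tag ": " $0
    }'
}

# Read mount output on stdin; print which of /tmp and /var/tmp are NOT covered
# by a noexec mount (the deepest mount point containing the directory decides).
tmp_dirs_allowing_exec() {
  awk '
    BEGIN { t[1] = "/tmp"; t[2] = "/var/tmp" }
    $2 == "on" {
      mp = $3
      for (i = 1; i <= 2; i++) {
        covers = (mp == "/" || t[i] == mp || index(t[i], mp "/") == 1)
        if (covers && length(mp) >= best[i]) {
          best[i] = length(mp)
          ne[i] = ($0 ~ /[(, ]noexec[,)]/)
        }
      }
    }
    END { for (i = 1; i <= 2; i++) if (!ne[i]) print t[i] }'
}

SAMPLE_CRON='# constructed sample crontab
*/15 * * * * /var/tmp/EXAMPLE_DROPPED_FILE >/dev/null 2>&1
0 3 * * * /usr/local/bin/backup.sh >/tmp/backup.log
@reboot /tmp/EXAMPLE_OTHER'
SAMPLE_MOUNT_LINUX='/dev/sda1 on / type ext4 (rw,relatime)
tmpfs on /tmp type tmpfs (rw,nosuid,nodev,noexec)'
SAMPLE_MOUNT_BSD='/dev/ada0p2 on / (ufs, local, soft-updates)
tmpfs on /tmp (tmpfs, local, noexec)
/dev/ada0p4 on /var (ufs, local, noexec, soft-updates)'

printf '%s\n' "$SAMPLE_CRON" | suspicious_cron_lines
printf '%s\n' "$SAMPLE_MOUNT_LINUX" | tmp_dirs_allowing_exec
printf '%s\n' "$SAMPLE_MOUNT_BSD" | tmp_dirs_allowing_exec
```

On a live host, feed the first function the output of `crontab -l` for each account (plus the system crontab files) and the second the output of `mount`. Hits are candidates for review, not proof of infection.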
More information about the freebsd-questions
mailing list