[BlueOnyx:17491] Re: Hard to Find Infection
Tigerwolf
tigerwolf at tigerden.com
Thu Apr 30 17:58:14 -05 2015
On Thu, 30 Apr 2015, Rodrigo Ordoñez wrote:
> We would like to share a hard-to-find infection on a virtual BlueOnyx
> 5106.
>
> A user got his password compromised and allowed the upload of a few php
> files, that downloaded an httpd.pl file.
>
> The Perl program was in fact some sort of SMTP engine that injected a
> cronjob that ran every 15 minutes, from the /tmp directory.
It's called Mumblehard.
http://arstechnica.com/security/2015/04/30/spam-blasting-malware-infects-thousands-of-linux-and-freebsd-servers/
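
Added example, not part of either poster's message: a shell check for the persistence pattern in the quoted report, a cron job that runs from /tmp. It also covers /var/tmp and /dev/shm; the sample crontab, its paths and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag cron jobs whose command references a world-writable
# temp directory (/tmp, /var/tmp, /dev/shm).

# Reads crontab text on stdin; prints "<line number>: <entry>" for each hit.
flag_tmp_cron() {
    awk '
        BEGIN {
            # The temp dir must start a path (so /home/u/tmp is ignored) and
            # end a path component (so /var/tmpdata is ignored).
            pat = "(^|[^A-Za-z0-9_./-])/(tmp|var/tmp|dev/shm)($|[^A-Za-z0-9_.-])"
        }
        /^[ \t]*(#|$)/ { next }                              # comment or blank
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ { next }      # VAR=value line
        {
            # "@reboot cmd" has 1 schedule field; "m h dom mon dow cmd" has 5.
            skip = ($1 ~ /^@/) ? 1 : 5
            for (i = skip + 1; i <= NF; i++) {
                if ($i ~ pat) { print NR ": " $0; next }
            }
        }
    '
}

# Constructed sample crontab (hypothetical paths and file names).
sample_crontab() {
    cat <<'EOF'
# constructed sample crontab
MAILTO=root
0 3 * * * /usr/bin/find /home/site1/tmp -type f -mtime +7 -delete
*/15 * * * * /tmp/example-dropper >/dev/null 2>&1
@reboot cd /var/tmp && ./example.pl
*/5 * * * * /usr/local/bin/cleanup /var/tmpdata
EOF
}

# Stand-alone run: prints the two flagged entries from the sample.
sample_crontab | flag_tmp_cron
```

To check a live host, feed each user's crontab to the function, for example `crontab -l -u USER | flag_tmp_cron` as root. A hit is a lead to review, since legitimate cleanup jobs can also name /tmp as an argument.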