

Linux and BSD Web Servers at Risk of Sophisticated Mumblehard Infection - simas
http://www.eset.com/int/about/press/articles/malware/article/linux-and-bsd-web-servers-at-risk-of-sophisticated-mumblehard-infection-says-eset/

======
noonespecial
That pirated copy of DirectMailer that you loaded onto your server also sends
_spam_?! Whoda thunk it?

~~~
tux1968
I know what you're saying... but this is odd:

"... we found that IP addresses hard-coded in the malware are closely tied to
those of Yellsoft"

------
cruelfate
Learned a couple of things from the linked research paper, like always mount /tmp
and /var/tmp as noexec, and some `dig` fu.

~~~
feld
noexec can break a lot of things so please be mindful

~~~
cruelfate
Ya, was wondering about package install scripts.

~~~
kjs3
You can remount those dirs without noexec when you need to do a legitimate
install.
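
The noexec advice in this sub-thread can be checked before and after a temporary remount. The script below is an added example, not code from the thread or the linked paper: it reports whether a directory actually sits on a noexec mount, including the case where /var/tmp has no mount of its own. Function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether directories sit on a noexec mount.
# Function names and the sample table are constructed for illustration.

# Constructed sample in /proc/mounts format: /tmp is a separate noexec
# tmpfs, while /var/tmp has no mount of its own and inherits from /var.
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda2 /var ext4 rw,relatime 0 0'

# Print "mountpoint options" for the filesystem holding path $1: the longest
# mount point that is a whole-component prefix of it (so /tmp does not match
# /tmpfoo). $2 is the table file, "-" for stdin. $1 must already be canonical.
covering_mount() {
    awk -v p="$1" '
        {
            mp = $2
            if (mp == "/") hit = 1
            else hit = (p == mp || index(p, mp "/") == 1)
            # ">=" lets a later mount shadow an earlier one on the same point
            if (hit && length(mp) >= length(best)) { best = mp; opts = $4 }
        }
        END { if (best != "") print best, opts }
    ' "${2:-/proc/mounts}"
}

# Return 0 if path $1 is on a noexec mount, 1 if not, 2 if none was found.
is_noexec() {
    out=$(covering_mount "$1" "${2:-/proc/mounts}")
    [ -n "$out" ] || return 2
    case ",${out#* }," in
        *,noexec,*) return 0 ;;
        *)          return 1 ;;
    esac
}

# Print one status line per directory; $1 is the table text.
audit() {
    table=$1; shift
    for dir in "$@"; do
        rc=0
        printf '%s\n' "$table" | is_noexec "$dir" - || rc=$?
        case $rc in
            0) echo "OK    $dir is mounted noexec" ;;
            1) echo "WARN  $dir allows execution" ;;
            *) echo "ERR   no mount covers $dir" ;;
        esac
    done
}

audit "$SAMPLE_MOUNTS" /tmp /var/tmp
```

On a live host, `audit "$(cat /proc/mounts)" /tmp /var/tmp` runs the same check against the real mount table, which is useful for confirming that noexec is back in place after a remount for a package install.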

------
badalex
8,500 unique IP addresses during 7 months. How is this not trivial?

