Linux/Mumblehard [Threat Name]

Detection created: 2013-03-06
Short description

The trojan serves as a backdoor. It can be controlled remotely. The trojan can be used for sending spam.

Installation

The trojan is often included in the installation packages of programs downloaded from untrustworthy sources.


The trojan is included in the installation package of the DirectMailer application.


The trojan is usually found in one of the following folders:

  • /tmp
  • /var/tmp

The file name is randomly generated.


The trojan ensures it is run every 15 minutes by adding an entry to the crontab configuration file.
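
A check built from the two traits described above (a job that fires every 15 minutes and runs a file under /tmp or /var/tmp), added here as an example and not part of the original description. The page does not give the exact crontab line, so the sample crontab and the function names are constructed; the input is assumed to be in `crontab -l` format.

```python
import re

# A path directly under /tmp or /var/tmp (not e.g. /home/user/tmp/...).
PATH_RE = re.compile(r"(?<![\w.-])(/(?:var/)?tmp/[^\s;|&>\"']+)")

SAMPLE = """\
# constructed sample crontab, not taken from an infected host
MAILTO=root
*/15 * * * * /var/tmp/qWxkPz >/dev/null 2>&1
0,15,30,45 * * * * /tmp/.a81f3
*/15 * * * * /usr/local/bin/rotate-logs
30 2 * * * /tmp/nightly-backup.sh
*/5 * * * * /home/deploy/tmp/healthcheck
"""

def minute_values(field):
    """Expand a crontab minute field (*, lists, ranges, steps) into sorted minutes."""
    minutes = set()
    for part in field.split(","):
        rng, _, step = part.partition("/")
        if rng == "*":
            lo, hi = 0, 59
        elif "-" in rng:
            lo, hi = map(int, rng.split("-", 1))
        else:
            lo = hi = int(rng)
        minutes.update(range(lo, hi + 1, int(step or 1)))
    return sorted(minutes)

def find_suspicious_jobs(crontab_text):
    """Return (line number, path, line) for quarter-hourly jobs run from a temp dir."""
    hits = []
    for lineno, line in enumerate(crontab_text.splitlines(), 1):
        parts = line.strip().split(None, 5)
        if len(parts) < 6 or parts[0].startswith("#"):
            continue  # comment, environment assignment or @shortcut entry
        try:
            mins = minute_values(parts[0])
        except ValueError:
            continue  # not a numeric schedule field
        quarter_hourly = (len(mins) == 4 and parts[1:5] == ["*"] * 4
                          and all(b - a == 15 for a, b in zip(mins, mins[1:])))
        paths = PATH_RE.findall(parts[5])
        if quarter_hourly and paths:
            hits.append((lineno, paths[0], line.strip()))
    return hits

if __name__ == "__main__":
    for hit in find_suspicious_jobs(SAMPLE):
        print(hit)
```

A match is a lead for review, not a verdict: legitimate jobs rarely execute from a temporary directory, but the file should still be examined before removal.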

Other information

The trojan serves as a backdoor. It can be controlled remotely.


The trojan acquires data and commands from a remote computer or the Internet.


The trojan contains a list of 10 URLs. It communicates over HTTP.


It can execute the following operations:

  • download files from a remote computer and/or the Internet
  • send spam
  • set up a proxy server

For further information follow the links below:


* Unboxing Linux/Mumblehard – Muttering spam from your servers
