Linux/Mumblehard
Detection created: 2013-03-06
Short description
The trojan serves as a backdoor. It can be controlled remotely. The trojan can be used for sending spam.
Installation
The trojan is often included in the installation packages of programs downloaded from untrustworthy sources.
The trojan is included in the installation package of the DirectMailer application.
The trojan is usually found in the following folders:
- /tmp
- /var/tmp
The file name is randomly generated.
The trojan ensures it is run every 15 minutes by adding an entry to the crontab configuration file.
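A defender's check for the persistence pattern described above, as an added example that is not part of the original description: it scans crontab text for entries that fire every 15 minutes and run a file under /tmp or /var/tmp. The sample crontab and its file names are constructed, and the matching rules are assumptions, not the trojan's actual entry format.

```python
import re
# Paths under the two directories the page names, e.g. /tmp/x or /var/tmp/x.
DROP_PATH = re.compile(r"(?<![\w./-])/(?:var/)?tmp/\S+")

def minute_values(field):
    """Expand a cron minute field (lists, ranges, steps) into a set of minutes."""
    minutes = set()
    for part in field.split(","):
        rng, _, step = part.partition("/")
        if rng == "*":
            lo, hi = 0, 59
        elif "-" in rng:
            lo, hi = map(int, rng.split("-"))
        else:
            lo = hi = int(rng)
        minutes.update(range(lo, hi + 1, int(step) if step else 1))
    return minutes

def runs_every_15_min(fields):
    """True for any schedule firing four times an hour, 15 minutes apart, all day."""
    try:
        m = sorted(minute_values(fields[0]))
    except ValueError:  # malformed minute field
        return False
    gaps = {(b - a) % 60 for a, b in zip(m, m[1:] + m[:1])}
    return len(m) == 4 and gaps == {15} and all(f == "*" for f in fields[1:5])

def find_suspect_entries(crontab_text):
    """Return (line number, path) for 15-minute jobs that run from /tmp or /var/tmp."""
    hits = []
    for lineno, line in enumerate(crontab_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#") or re.match(r"\w+\s*=", line):
            continue  # blank line, comment, or environment assignment
        fields = line.split(None, 5)
        if len(fields) == 6 and runs_every_15_min(fields):
            match = DROP_PATH.search(fields[5])
            if match:
                hits.append((lineno, match.group()))
    return hits

# Constructed sample crontab; the file names are made up for illustration.
SAMPLE = """\
MAILTO=root
*/15 * * * * /var/tmp/qKzTfw >/dev/null 2>&1
0 3 * * * /usr/local/bin/backup.sh /tmp/backup-stage
7,22,37,52 * * * * /tmp/.a81xs
*/15 * * * * /usr/bin/php /home/app/tmp/queue.php
"""
```

Pass it the output of `crontab -l` for each account; a hit is a lead to inspect, not proof of infection.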
Other information
The trojan serves as a backdoor. It can be controlled remotely.
The trojan acquires data and commands from a remote computer or the Internet.
The trojan contains a list of 10 URLs. It communicates with them over HTTP.
It can execute the following operations:
- download files from a remote computer and/or the Internet
- send spam
- set up a proxy server
For further information follow the links below:
* Unboxing Linux/Mumblehard – Muttering spam from your servers