Saturday04 February 2023

Mumblehard Spamming Malware Making the Rounds in Joomla and WordPress sites

Reading time is around minutes.

There is a common belief that Linux and BSD operating systems are, by their nature, much more secure than anything Microsoft has ever released. The problem with this belief is that it is simply not true. Linux, BSD and Windows can all be made more secure than they are by default, but there is work involved and there is a tradeoff of ease of use when you start locking things down. Many web hosts running Linux or BSD do not really have the time or available man power to really lock their host systems down which leaves them vulnerable to a number of attacks.

We have seen these pop up over the last few years as the number of personal and small business websites explode. The use of simple content management systems like Joomla, Drupal and WordPress have helped this growth. Sadly it has also helped the growth of spammers, malware developers and other nefarious type on the internet.

Very recently ESET found a new form of malware that turns the host box (running Linux or BSD) into a nice spambot. The malware, called Mumblehard, gets into the system through vulnerabilities in both Joomla and WordPress. Once it gets a foot hold on your webserver it can send and receive commands along with being able to spam the world using your resources. ESET also feels that there is a link between this malware and a company called Yellsoft.

They feel this because the malware has been found in compromised copies of the Yellsoft program DirectMailer. Right now it looks like the compromised versions might be illegal copies that people are using with their websites. What makes things a little unusual is that the “bad guys” are still using IPs that are linked to Yellsoft. As you might imagine it has people wondering if the Russian software company might be involved. As of this writing there is no hard indication that they are, but they have also not responded to questions about this new report from ESET.

You can read more about Mublehard here

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.