Date:      Sun, 3 May 2015 20:36:07 +0200
From:      Eduardo Morras <>
Subject:   Re: Unnoticed for years, malware turned Linux and BSD servers into spamming machines

On Sun, 03 May 2015 12:23:53 -0600
jd1008 <> wrote:

> More importantly, how do we disinfect? Reinstall the system?
> But the infiltration was done to a freshly installed system.
> We need to know what filenames are involved!!

You have the original news here:

Here you can download a pdf describing it:

And more info:

Last lines say:
 "Web server administrators should check their servers for Mumblehard infections by looking for the so-called unwanted cronjob entries added by the malware in an attempt to activate the backdoor every 15-minute increments.

The backdoor is generally located in the /var/tmp or /tmp folders. You can deactivate this backdoor by mounting the tmp directory with the noexec option."


---   ---
Eduardo Morras <>
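
The two checks named in the quoted text above (cron entries that launch something from /tmp or /var/tmp, and whether those directories are mounted noexec), as an added shell example that is not part of the original message. The crontab and fstab-style samples are constructed, the PLACEHOLDER file names are not real indicators, and the function names are this example's own.

```shell
#!/bin/sh
# Added example. Sample data is constructed; PLACEHOLDER names are not real indicators.

# Print crontab lines (stdin) whose command references /tmp/ or /var/tmp/.
# Triage filter only: it also reports lines that merely write there.
suspicious_cron_lines() {
    awk '
        /^[ \t]*(#|$)/ { next }                          # comment or blank line
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ { next }  # VAR=value setting
        {
            skip = ($1 ~ /^@/) ? 1 : 5    # @reboot-style vs five time fields
            cmd = ""
            for (i = skip + 1; i <= NF; i++) cmd = cmd " " $i
            # Require a non-path character before the directory so that
            # /home/app/tmp/ is not mistaken for /tmp/.
            if (cmd ~ "(^|[^A-Za-z0-9_./-])(/var)?/tmp/") print
        }'
}

# Succeed if the fstab-style table on stdin lists mount point $1 with noexec.
mounted_noexec() {
    awk -v mp="$1" '
        /^[ \t]*#/ { next }
        $2 == mp && ("," $4 ",") ~ /,noexec,/ { found = 1 }
        END { exit (found ? 0 : 1) }'
}

SAMPLE_CRON='# constructed sample crontab
MAILTO=root
0 3 * * * /usr/local/bin/backup.sh
*/15 * * * * /var/tmp/PLACEHOLDER >/dev/null 2>&1
@reboot /tmp/PLACEHOLDER2
30 4 * * 0 /home/app/tmp/rotate.sh'

SAMPLE_FSTAB='# constructed sample fstab
tmpfs /tmp tmpfs rw,nosuid,noexec 0 0
/dev/ada0p4 /var/tmp ufs rw 2 2'

printf '%s\n' "$SAMPLE_CRON" | suspicious_cron_lines
for mp in /tmp /var/tmp; do
    if printf '%s\n' "$SAMPLE_FSTAB" | mounted_noexec "$mp"; then
        echo "$mp: noexec"
    else
        echo "$mp: not noexec, review"
    fi
done
```

On a live host, feed the first function each user's `crontab -l` output and the system crontab files, and the second `/etc/fstab`.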
