University Crest

[wlug] Researchers Help Shut Down Spam Botnet That Enslaved 4, 000 Linux Machines

wlug archive index About the wlug list Mailing lists home
To The University of Waikato HomepageWaikato Home > Waikato Mailing Lists > wlug Info > wlug archives
Peter Reutemann fracpete@w...
Sun Apr 10 11:31:52 NZST 2016

'A botnet that enslaved about 4,000 Linux computers and caused them to
blast the Internet with spam for more than a year has finally been
shut down. Sophisticated Mumblehard spamming malware flew under the
radar for five years. Known as Mumblehard, the botnet was the product
of highly skilled developers. It used a custom "packer" to conceal the
Perl-based source code that made it run, a backdoor that gave
attackers persistent access, and a mail daemon that was able to send
large volumes of spam. Command servers that coordinated the
compromised machines' operations could also send messages to Spamhaus
requesting the delisting of any Mumblehard-based IP addresses that
sneaked into the real-time composite blocking list, or CBL, maintained
by the anti-spam service. "There was a script automatically monitoring
the CBL for the IP addresses of all the spam-bots," researchers from
security firm Eset wrote in a blog post published Thursday. "If one
was found to be blacklisted, this script requested the delisting of
the IP address. Such requests are protected with a CAPTCHA to avoid
automation, but OCR (or an external service if OCR didn't work) was
used to break the protection."'

-- source:

Cheers, Peter
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174

More information about the wlug mailing list
NOTICE: This is an archive of a public mailing list. The University of Waikato is not responsible for its contents.

The University of Waikato - Te Whare Wananga o Waikato