crockett
05-02-2015 02:20 PM
direct mailer from yellsoft has had back door for 5 years
Unnoticed for years, malware turned Linux and BSD servers into spamming machines
These guys were selling anonymous spamming software but also leaked a pirated copy of their own software. In this pirated copy they had a back door which turned Linux and BSD servers into spam bots.
They were able to keep it going for 5 years without getting caught until now.
A snippet from the article...
Quote:
The price of the software is $240, but interestingly enough, there is a link to a site offering a "cracked" version of DirectMailer. The developers explicitly say that they don't provide technical support for users of pirated versions of DirectMailer downloaded from that site or any other, but the fact that they provide a direct link is strange.
"Why would you want to show where to steal your software?" asks Leveille, and comments that it is this, and the facts that Yellsoft's homepage seems to be hosted on the same server as Mumblehard's backdoor and spammer C&C server and that the pirated DirectMailer and Mumblehard's spammer share code, which makes them suspect they are the same group.
The pirated DirectMailer copies contain the Mumblehard backdoor, and when users install them, they give the operators a backdoor to their servers, and allow them to send spam from and proxy traffic through them.
I wondered whether the original DirectMailer software contained the backdoor, too, but Leveille couldn't answer that question for me.
"We do not know if the paid-for version of DirectMailer also includes the backdoor or not. We did not, and didn't want to, buy software from Yellsoft," he noted. "If anyone has a paid copy they are willing to send us, we'd be glad to analyze it and confirm if the backdoor is present."
What's worrying, he says, is that the Mumblehard operators have been active for many years without disruption.