Linux and BSD Web Servers at Risk of Sophisticated Mumblehard Infection (eset.com) 14 points by simas 11y ago ↗ HN
[–] noonespecial 11y ago ↗ That pirated copy of DirectMailer that you loaded onto your server also sends spam?! Whoda thunk it? [–] tux1968 11y ago ↗ I know what you're saying... but this is odd:"... we found that IP addresses hard-coded in the malware are closely tied to those of Yellsoft"
[–] tux1968 11y ago ↗ I know what you're saying... but this is odd:"... we found that IP addresses hard-coded in the malware are closely tied to those of Yellsoft"
[–] cruelfate 11y ago ↗ Learned a couple of things from linked research paper like always mount /tmp and /var/tmp as noexec, and some `dig` fu. [–] feld 11y ago ↗ noexec can break a lot of things so please be mindful [–] cruelfate 11y ago ↗ Ya, was wondering about package install scripts. [–] kjs3 11y ago ↗ You can remount those dirs without noexec when you need to do a legitimate install.
[–] feld 11y ago ↗ noexec can break a lot of things so please be mindful [–] cruelfate 11y ago ↗ Ya, was wondering about package install scripts. [–] kjs3 11y ago ↗ You can remount those dirs without noexec when you need to do a legitimate install.
[–] cruelfate 11y ago ↗ Ya, was wondering about package install scripts. [–] kjs3 11y ago ↗ You can remount those dirs without noexec when you need to do a legitimate install.
[–] kjs3 11y ago ↗ You can remount those dirs without noexec when you need to do a legitimate install.
7 comments
[ 2.8 ms ] story [ 31.7 ms ] thread"... we found that IP addresses hard-coded in the malware are closely tied to those of Yellsoft"