7 comments

[ 2.8 ms ] story [ 31.7 ms ] thread
8,500 unique IP addresses during 7 months. How is this not trivial?
That pirated copy of DirectMailer that you loaded onto your server also sends spam?! Whoda thunk it?
I know what you're saying... but this is odd:

"... we found that IP addresses hard-coded in the malware are closely tied to those of Yellsoft"

Learned a couple of things from linked research paper like always mount /tmp and /var/tmp as noexec, and some `dig` fu.
noexec can break a lot of things so please be mindful
Ya, was wondering about package install scripts.
You can remount those dirs without noexec when you need to do a legitimate install.